with the default cookie policy? > Am 23.11.2018 um 14:34 schrieb Thomas Broyer <[email protected]>: > > Just tested my OpenID Connect Session Management implementation with Safari > 12.0.1 and it works like a charm. > > On Thu, Nov 22, 2018 at 8:09 PM George Fletcher > <[email protected]> wrote: > My understanding is that cookies are not blocked on redirects (IPT2/Safari) > but I haven't done extensive testing. So from a full-page redirect > perspective there should be no issues, from a hidden iframe I'm not sure... > but I believe it will work. > > > On 11/21/18 11:49 PM, Torsten Lodderstedt wrote: >> Hi George, >> >> >>> Am 20.11.2018 um 22:15 schrieb George Fletcher <[email protected]> >>> : >>> >>> OIDC provides a "prompt=none" mechanism that allows the browser app to >>> request a new token in a hidden iframe. OAuth2 doesn't describe this flow. >>> Note that full authentications of users should NOT happen in iframes due to >>> click-jacking attacks. >>> >> Does this still work reliably given the limitations imposed by the browserâs >> 3rd party cookie policies? >> >> kind regards, >> Torsten. >> > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
