> On 25. Mar 2020, at 14:55, Dominick Baier <dba...@leastprivilege.com> wrote:
>
> This
>
> https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/
>
> Really means that “modern” SPAs based on a combination of OIDC and OAuth will
> not work anymore
>
> both
>
> * silent-renew for access token management
> * OIDC JS session notifications
>
> Will not work anymore. Or don’t work anymore already today - e.g. in Brave.
>
> This means SPAs would need to be forced to do refresh tokens - and there is
> no solution right now for session notifications.
>
> Maybe the browser apps BCP / OAuth 2.1 should strictly advise against the
> “browser apps without a back-end” scenario and promote the BFF style
> architecture instead.

Sounds reasonable to me.

>
> Cheers
> ———
> Dominick Baier
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
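
The refresh-token approach mentioned in the quoted message, as an added example that is not part of the thread or of any project's code: a browser-side token manager that renews through the token endpoint instead of a hidden-iframe silent renew. `TokenRenewer`, the injected `httpPost` helper and the endpoint and client values are assumptions for illustration; it covers token renewal only, not session notifications.

```javascript
// Added example: renew access tokens with the refresh_token grant (RFC 6749,
// section 6) instead of a hidden-iframe silent renew. TokenRenewer, httpPost
// and the endpoint/client values passed in are hypothetical.
class TokenRenewer {
  constructor({ tokenEndpoint, clientId, httpPost, now = () => Date.now() }) {
    Object.assign(this, { tokenEndpoint, clientId, httpPost, now });
    this.tokens = null;   // kept in memory only
    this.inFlight = null; // pending refresh shared by concurrent callers
  }

  // Record a token response. If the server rotates refresh tokens, the new
  // one replaces the old one, which must not be sent again.
  store(resp) {
    const previous = this.tokens ? this.tokens.refreshToken : undefined;
    this.tokens = {
      accessToken: resp.access_token,
      refreshToken: resp.refresh_token || previous,
      expiresAt: this.now() + resp.expires_in * 1000,
    };
  }

  async getAccessToken(skewMs = 30000) {
    if (!this.tokens) throw new Error("login_required");
    if (this.now() < this.tokens.expiresAt - skewMs) return this.tokens.accessToken;
    // Single flight: a second caller must not replay a refresh token that the
    // first call is already exchanging.
    if (!this.inFlight) {
      this.inFlight = this.refresh().finally(() => { this.inFlight = null; });
    }
    await this.inFlight;
    return this.tokens.accessToken;
  }

  async refresh() {
    const body = new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: this.tokens.refreshToken,
      client_id: this.clientId, // public client: no client secret in the browser
    });
    const resp = await this.httpPost(this.tokenEndpoint, body.toString());
    if (resp.error) {
      this.tokens = null; // e.g. invalid_grant: user has to sign in again
      throw new Error("login_required");
    }
    this.store(resp);
  }
}
```

In a browser, `httpPost` would wrap `fetch` with `Content-Type: application/x-www-form-urlencoded` and return the parsed JSON body.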