Thank you!
On the RT, more questions:
- where would you save the RT? Iam thinking of the no-backend case in
particular. There’s a lot of heartburn in the community on where to save
access tokens already, given the larger scope of refresh tokens I would
expect objections there would be
> Am 06.12.2018 um 02:31 schrieb Vittorio Bertocci
> :
>
> Hey Torsten/Tomek,
> Can I ask a clarification on the below?
> Torsten, you mentioned that an AS doesn't need to issue a RT- the browser
> code can just repeat an authorization request. Did I get it right?
> But in order to preserve
Hey Torsten/Tomek,
Can I ask a clarification on the below?
Torsten, you mentioned that an AS doesn't need to issue a RT- the browser
code can just repeat an authorization request. Did I get it right?
But in order to preserve the user experience, that cannot really happen as
a full page redirect;
As mentioned during IIW when this pattern was borught up: I think readers
should receive a stronger warning about the known challenges of that
approach. Namely, assuming that the developer wants to perform API calls
from the browser:
- Making the app backend the true client for the AS is
Hiya,
In section 1:
The STS
protocol defined in this specification is not itself RESTful (an STS
doesn't lend itself particularly well to a REST approach) but does
utilize communication patterns and data formats that should be
familiar to developers accustomed to working with
> On Dec 5, 2018, at 5:16 AM, Torsten Lodderstedt
> wrote:
>
> Hi Tomek,
>
>> Am 04.12.2018 um 19:03 schrieb Tomek Stojecki :
>>
>> Thanks Torsten!
>> So if I am putting myself in the shoes of somebody who sets out to do that -
>> switch an existing SPA client (no backend)
>
> I would
Hi Tomek,
> Am 05.12.2018 um 15:27 schrieb Tomek Stojecki :
>
> Hi Torsten,
>
> On Wednesday, December 5, 2018, 1:17:08 PM GMT+1, Torsten Lodderstedt
> wrote:
>
>
> >> So if I am putting myself in the shoes of somebody who sets out to do that
> >> - switch an existing SPA client (no
Hi Torsten,
On Wednesday, December 5, 2018, 1:17:08 PM GMT+1, Torsten Lodderstedt
wrote:
>> So if I am putting myself in the shoes of somebody who sets out to do that
>> - switch an existing SPA client (no backend)
> I would like to ask you a question: how many SPAs w/o a backend
Hi Tomek,
> Am 04.12.2018 um 19:03 schrieb Tomek Stojecki :
>
> Thanks Torsten!
> So if I am putting myself in the shoes of somebody who sets out to do that -
> switch an existing SPA client (no backend)
I would like to ask you a question: how many SPAs w/o a backend have you seen
in your