Hi, The WG is currently putting together best practices for native apps. I would like to better understand the best practices around ua-based-apps, especially as it relates to token storage. I've read various blog posts about the preference between storing tokens in cookies vs. Web Storage (localStorage/sessionStorage). The current set of specs are rather silent on the matter, as it is more of an implementation issue (but that is where most mistakes are made).
What is the WG's guidance on this?
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
