On Fri, Dec 28, 2018 at 03:55:15PM -0700, Brian Campbell wrote: > > The observed behavior of the browsers surveyed seems logical and rather > reasonable (and better than the last time I futzed with it). Importantly it > means that for the situation described in the email that started this > thread (a javascript client making a fetch/XHR request to an MTLS token > endpoint), users using browsers that are not configured with, or have > access to, any client keys/certs will not see any UI prompt at all. I > suspect that not having client certs set up is the situation for the vast > majority of users and their browsers. And for those that do have client
Is this still true when we limit to the set of users/browsers that are employees of big corporations? -Ben > certs set up, I think they are more likely to be the kind of user that is > able to deal with the UI prompt okay. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
