Hi all, I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!
https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-12.html The primary changes are: * Rephrased the architecture patterns to focus on token acquisition * Added a new section about the various options available for storing tokens * Added a section on sender-constrained tokens and a reference to DPoP * Added a section discussing why not to use the Cookie API to store tokens At this point there are no open issues on GitHub, and I have nothing else I am planning on adding to the document. Please review if you are interested and let me know if you have any further suggestions! Aaron Parecki
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
