Re: [OAUTH-WG] OAuth for Browser-Based Apps

2024-03-25 Thread Justin Richer
5:40 AM To: Justin Richer Cc: oauth Subject: Re: [OAUTH-WG] OAuth for Browser-Based Apps Hi Justin, Thank you for your detailed review. > §9+ this draft should add privacy considerations, particularly for BFF > pattern's proxy architecture. I wanted to ask for a bit more context

Re: [OAUTH-WG] OAuth for Browser-Based Apps

2024-03-24 Thread Philippe De Ryck
Hi Justin, Thank you for your detailed review. > §9+ this draft should add privacy considerations, particularly for BFF > pattern's proxy architecture. I wanted to ask for a bit more context on this comment. I understand that having a proxy as a separate entity would expose all requests/resp

[OAUTH-WG] OAuth for Browser-Based Apps

2024-03-14 Thread Justin Richer
As promised at the last meeting, I have been able to do a full review of the OAuth for Browser Based Applications draft spec, and my notes are attached, indexed by sections and paragraphs where possible. Even though my notes are extensive, I do want to say that overall the document is in great

Re: [OAUTH-WG] OAuth for Browser-Based Apps Draft 12

2022-12-07 Thread Aaron Parecki
Thank you, you're absolutely correct. I've updated a few uses of that to something hopefully more accurate. There are a few more uses of "DOM" still and I would love someone who has more experience with browsers than me to review those for accuracy as well! Thanks! Latest editor's draft: https://

Re: [OAUTH-WG] OAuth for Browser-Based Apps Draft 12

2022-12-07 Thread Thomas Broyer
On Wed, Dec 7, 2022 at 1:07 AM Aaron Parecki wrote: > Hi all, > > I just published a revised version of OAuth for Browser-Based Apps based > on the feedback and discussion at IETF 115 London! > > https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-12.html > > The primary changes a

[OAUTH-WG] OAuth for Browser-Based Apps Draft 12

2022-12-06 Thread Aaron Parecki
Hi all, I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London! https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-12.html The primary changes are: * Rephrased the architecture patterns to focus on token acquis