Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-14 Thread David Waite
> On Mar 14, 2021, at 8:36 PM, Tatsuya Karino wrote: > > On Safari, you have no workaround. > 3rd-party cookie is dead, and all JS-writable data is removed in 7 days there. > > As you stated, option 1 does not work in cross-site scenarios in Safari & > Brave at the moment. Other browsers are

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-14 Thread Tatsuya Karino
> > On Safari, you have no workaround. > 3rd-party cookie is dead, and all JS-writable data is removed in 7 days > there. As you stated, option 1 does not work in cross-site scenarios in Safari & > Brave at the moment. Other browsers are likely to follow the same pattern > in the future. > Option

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-13 Thread Philippe De Ryck
> On 13 Mar 2021, at 07:52, Tatsuya Karino wrote: > > By the way, I also wonder what is the better option to use OAuth2.0 on SPA > Client (3rd party) with good UIUX. > In my understanding, there are two options to achieve it. > 1. Using response_momde=web_message or 2.Using Refresh Token with fi

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-13 Thread Nov Matake
On Safari, you have no workaround. 3rd-party cookie is dead, and all JS-writable data is removed in 7 days there. What you can do is open popup or call storage access api each time you need new token. iPadから送信 > 2021/03/13 15:51、Tatsuya Karino のメール: >  > > However, do you need OAuth in such si

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-12 Thread Tatsuya Karino
> However, do you need OAuth in such situation? > Same-site cookie seems much simpler there. yeah, right. For a 1st party application, we don't need to use the delegation of privilege. Using Same-site cookies is simple. But I also think if the company provide their APIs to 3rd party application

Re: [OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-12 Thread Nov Matake
Your mechanism seems work fine. However, do you need OAuth in such situation? Same-site cookie seems much simpler there. iPadから送信 > 2021/03/13 0:45、Tatsuya Karino のメール: > >  > Hi all, > > I'm looking for the specification to generate a new Access Token with > authentication session in a Sin

[OAUTH-WG] Re-creation of Access Token on Single Page Application

2021-03-12 Thread Tatsuya Karino
Hi all, I'm looking for the specification to generate a new Access Token with authentication session in a Single Page Application with good User Experience. There is a draft, OAuth 2.0 Web Message Response Mode . And it's called silent auth