Hi Jim,
If there is enough information, I think such an RFC could be interesting in the
same way as "OAuth 2.0 for Native Apps"
(https://tools.ietf.org/html/draft-ietf-oauth-native-apps-07) is for native
apps.
To see if the group also thinks so, I would suggest creating a personal
draft and ask it t
I've been collecting opinions about the best OAuth2 workflows for SPA
applications and have come up with the following basic recommendations.
1) The more secure flow is going to be authorization code. Keep access tokens
out of the DOM/Browser history.
2) Implicit flows are your only choice if y