You may be right. I no longer have the setup for this at hand but I believe
it depended on relaxing the domain settings through the now deprecated (and
in some browsers already removed or otherwise void) document.domain
property.
If the flow is unrecoverable it makes no sense to spend effort on ke
That's an interesting use-case for relay mode and might be a reason to
cover it.
However, we believe the current code for the relay mode in
draft-sakimura-oauth-wmrm-01 does not work. The same-origin policy
should prevent this line from working:
messageTargetWindowReference =
e.source.docum
Hello Filip,
my bad, you are right. "Compatible" was the wrong word to use.
Yes, a client implementing draft-sakimura-oauth-wmrm-01 would expect a
different message structure than defined in our draft.
We are not fixed to the message structure in our current draft and are
open to discuss adj
>
> We do not consider the relay mode. The relay mode is motivated by the use
> of the implicit grant which is discouraged nowadays.
Motivation aside, if my memory serves right (and that's a big IF in this
case), the relay mode was not limited to implicit responses and was useful
regardless of th
>
> our draft covers and is compatible with what's called "simple mode" (both
> with and without prompt) in draft-sakimura-oauth-wmrm-00/-01.
So a client that's using a simple mode with web_message today could,
without change, utilize your draft as well? That doesn't seem likely given
the message s
Hello Filip,
our draft covers and is compatible with what's called "simple mode" (both
with and without prompt) in draft-sakimura-oauth-wmrm-00/-01.
We do not consider the relay mode. The relay mode is motivated by the
use of the implicit grant which is discouraged nowadays.
The main differen
Hello Karsten,
Can you summarize in what ways your draft is compatible
with draft-sakimura-oauth-wmrm-00? Which of the described modes in Nat's
document does it cover?
There are existing implementations (both partial and full)
of draft-sakimura-oauth-wmrm-00 so if your draft is not compatible I w
Hi all,
we would like to ask again for feedback on our draft for the
"web_message" response mode:
https://datatracker.ietf.org/doc/draft-meyerzuselha-oauth-web-message-response-mode/
We think it would be very helpful for implementers and developers to
specify a secure standard for a postM