Hi George, > Am 20.11.2018 um 22:15 schrieb George Fletcher <gffle...@aol.com>: > > OIDC provides a "prompt=none" mechanism that allows the browser app to > request a new token in a hidden iframe. OAuth2 doesn't describe this flow. > Note that full authentications of users should NOT happen in iframes due to > click-jacking attacks.
Does this still work reliably given the limitations imposed by the browserâs 3rd party cookie policies? kind regards, Torsten.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth