My understanding is that cookies are not blocked on redirects
(ITP2/Safari) but I haven't done extensive testing. So from a full-page
redirect perspective there should be no issues; from a hidden iframe I'm
not sure... but I believe it will work.

On 11/21/18 11:49 PM, Torsten Lodderstedt wrote:
> Hi George,
>
>> On 20.11.2018 at 22:15, George Fletcher <gffle...@aol.com> wrote:
>>
>> OIDC provides a "prompt=none" mechanism that allows the browser app to request
>> a new token in a hidden iframe. OAuth2 doesn't describe this flow. Note that full
>> authentications of users should NOT happen in iframes due to click-jacking attacks.
>
> Does this still work reliably given the limitations imposed by the browser's
> 3rd party cookie policies?
>
> kind regards,
> Torsten.