Yes, that was with the default cookie policy (on a coworker's macbook, and he doesn't use safari as his main browser)
On Wed, Nov 28, 2018 at 11:20 AM Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > with the default cookie policy? > > > Am 23.11.2018 um 14:34 schrieb Thomas Broyer <t.bro...@gmail.com>: > > > > Just tested my OpenID Connect Session Management implementation with > Safari 12.0.1 and it works like a charm. > > > > On Thu, Nov 22, 2018 at 8:09 PM George Fletcher <gffletch= > 40aol....@dmarc.ietf.org> wrote: > > My understanding is that cookies are not blocked on redirects > (IPT2/Safari) but I haven't done extensive testing. So from a full-page > redirect perspective there should be no issues, from a hidden iframe I'm > not sure... but I believe it will work. > > > > > > On 11/21/18 11:49 PM, Torsten Lodderstedt wrote: > >> Hi George, > >> > >> > >>> Am 20.11.2018 um 22:15 schrieb George Fletcher <gffle...@aol.com> > >>> : > >>> > >>> OIDC provides a "prompt=none" mechanism that allows the browser app to > request a new token in a hidden iframe. OAuth2 doesn't describe this flow.. > Note that full authentications of users should NOT happen in iframes due to > click-jacking attacks. > >>> > >> Does this still work reliably given the limitations imposed by the > browserâs 3rd party cookie policies? > >> > >> kind regards, > >> Torsten. > >> > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth