Hi OAuth, The authors of draft-ideskog-assisted-token [1] have approached me requesting that the draft be published as an Informational RFC in the Independent Submission Stream [2].
The draft extends the OAuth 2.0 framework to include an additional authorization flow for single page applications called the assisted token flow. It is intended to enable OAuth clients that are written in scripting languages (such as JavaScript) to request user authorization using a simplified method. Communication leverages HTML's iframe element, child windows, and the postMessage interface. This communication is done using an additional endpoint, the assisted token endpoint. It is clear to me that this work could be in scope for OAuth and I want to be sure that both: - there is no interest within the WG in pursuing this approach - there is no perceived harm to existing OAuth work if this goes ahead I'd appreciate any opinions. Many thanks, Adrian -- Adrian Farrel (Independent Submissions Editor), rfc-...@rfc-editor.org [1] https://datatracker.ietf.org/doc/draft-ideskog-assisted-token/ [2] https://www.rfc-editor.org/about/independent/ > > -- Adrian Farrel (ISE), rfc-...@rfc-editor.org _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
