> On the other hand, i cannot identify any significant drawbacks to using this > response mode, aside from inconsistent support across implementations.
What about - UX - FOUC or briefly displayed submit page at the AS when it's sending responses - sameSite - the client is required to use sameSite=none for the cookies they expect to load at the redirect_uri, that may include session related cookies for which sameSite=none is the exact opposite of what they should strive for. - Filip > 25. 10. 2025 v 15:21, Andrey Kuznetsov <[email protected]>: > > On the other hand, i cannot identify any significant drawbacks to using this > response mode, aside from inconsistent support across implementations. _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
