Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Darshana, On Sat, Sep 28, 2019 at 8:29 PM Darshana Gunawardana wrote: > Hi Johann, > > On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby > wrote: > >> Hi Thanuja, >> >> Did we consider sending the access token itself as a secure, http-only >> cookie to the browser instead of binding it to

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Prakhash, On Mon, Sep 23, 2019 at 4:34 PM Prakhash Sivakumar wrote: > Hi Johann, > > On Sat, Sep 21, 2019 at 7:13 AM Johann Nallathamby > wrote: > >> Hi Thanuja, >> >> Did we consider sending the access token itself as a secure, http-only >> cookie to the browser instead of binding it to a s

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Thanuja, On Sat, Sep 28, 2019 at 8:28 PM Darshana Gunawardana wrote: > Hi Johann, > > On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby > wrote: > >> Hi Thanuja, >> >> Did we consider sending the access token itself as a secure, http-only >> cookie to the browser instead of binding it to a

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Johann, On Sat, Sep 21, 2019 at 10:43 AM Johann Nallathamby wrote: > Hi Thanuja, > > Did we consider sending the access token itself as a secure, http-only > cookie to the browser instead of binding it to a separate cookie? This will > also simplify the development on the client side, in case

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Johann, On Sat, Sep 21, 2019 at 7:13 AM Johann Nallathamby wrote: > Hi Thanuja, > > Did we consider sending the access token itself as a secure, http-only > cookie to the browser instead of binding it to a separate cookie? This will > also simplify the development on the client side, in case

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Thanuja, Did we consider sending the access token itself as a secure, http-only cookie to the browser instead of binding it to a separate cookie? This will also simplify the development on the client side, in case someone wants to build their own SPA. Regards, Johann. On Mon, Sep 2, 2019 at 1

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Update: Table structure will be updated as follows, IDN_OAUTH2_ACCESS_TOKEN ( TOKEN_ID VARCHAR (255), ACCESS_TOKEN VARCHAR(2048), REFRESH_TOKEN VARCHAR(2048), CONSUMER_KEY_ID INTEGER, AUTHZ_USER VARCHAR (100), TENANT_ID INTEG

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Hasintha, We are going to introduce the capability to bind the token to an external attribute as a part of this feature. So the updated schemas will be as follows, IDN_OAUTH2_ACCESS_TOKEN ( TOKEN_ID VARCHAR (255), ACCESS_TOKEN VARCHAR(2048), REFRESH_TOKEN VA

Re: [Dev] Binding access token to the browser for new IAM Portal Applications

Hi Thanuja, I have few questions on this. How are we going to bind the token to the cookie (Is this a new entry to a table) ? Is this an existing cookie (may be commonAuth ID) or a new cookie ?. Furthermore, How are we going to handle the scenario where the same user logs in from multiple browse

[Dev] Binding access token to the browser for new IAM Portal Applications

Hi All, With the introduction of new IAM portal applications, there is a requirement to provide additional security measures to secure these SPAs. We have already implemented the OAuth2 authorization code flow(public client) with PKCE for these applications and with this feature, it will be possib