Re: [OAUTH-WG] Refresh Token Expiration

2018-11-22 Thread George Fletcher
My understanding is that cookies are not blocked on redirects (ITP2/Safari) but I haven't done extensive testing. So from a full-page redirect perspective there should be no issues, from a hidden iframe I'm not sure... but I believe it will work.

On 11/21/18 11:49 PM, Torsten Lodderstedt wrote

Re: [OAUTH-WG] Refresh Token Expiration

2018-11-22 Thread Thomas Broyer
On Thu, Nov 22, 2018 at 5:50 AM Torsten Lodderstedt wrote:
> Hi George,
>
> > On 20.11.2018 at 22:15, George Fletcher wrote:
> >
> > OIDC provides a "prompt=none" mechanism that allows the browser app to
> request a new token in a hidden iframe. OAuth2 doesn't describe this flow..
> Note that f

[OAUTH-WG] Binding Access Tokens is not enough!

2018-11-22 Thread Daniel Fett
Hi all, I would like to discuss a text proposal for the security BCP. Background: Yesterday, Neil pointed out the following problem with binding access tokens using mTLS or token binding in SPAs: "I am talking about scripts from places like ad servers that are usually included via an iframe to