https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.3..2
has "Replace implicit flow with postmessage communication or ..." but
without a defined and interoperable way of using postmessage communication
in place of the implicit flow that "proposed countermeasure" seems a
proble
On Tue, Dec 24, 2019 at 12:27 AM Brian Campbell
wrote:
>
> https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.3.2
> has "Replace implicit flow with postmessage communication or ..." but without
> a defined and interoperable way of using postmessage communication in place
