issues
search
oauth-wg
/
oauth-browser-based-apps
Best practices for OAuth in Browser-Based Apps
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps
Other
22
stars
12
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Discussing the usage of localStorage/sessionStorage for session management
#53
randomstuff
opened
1 month ago
4
Fragments, performance, and historic notes.
#52
will-bartlett
opened
2 months ago
2
Working Group Last Call
#51
aaronpk
opened
2 months ago
2
feat: narrowing ascii-art and adding svg support
#50
duncanwd
closed
2 months ago
0
Draw diagrams with tools instead of raw ASCII
#49
philippederyck
closed
2 months ago
0
Add BCP references to the normative section
#48
philippederyck
opened
2 months ago
0
Reworded the benefits of the Token Mediating Backend
#47
philippederyck
closed
2 months ago
0
Feedback
#46
0xandybarlow
closed
2 months ago
1
Processed review from Justin Richer
#45
philippederyck
closed
2 months ago
1
Address outstanding comments from Justin Richer
#44
philippederyck
closed
2 months ago
1
Properly render sublists
#43
philippederyck
closed
2 months ago
2
Consistently use *applications* or *apps*
#42
philippederyck
closed
2 months ago
1
Add BFF advice for performance purposes
#40
emmanuelgautier
closed
2 months ago
4
Reworded text based on PR comments
#39
philippederyck
closed
4 months ago
1
Moved new section on in-browser flows
#38
philippederyck
closed
4 months ago
0
Addressed comments from Elar Lang
#37
philippederyck
closed
4 months ago
0
Reworded *significant burden*
#36
philippederyck
closed
4 months ago
0
Follow up on review for merged PR
#35
philippederyck
closed
4 months ago
1
6.1.3.3.3. Use Anti-forgery/double submit cookies
#34
damienbod
closed
4 months ago
1
more silent frame edits
#33
panva
closed
4 months ago
0
DPoP
#32
criztovyl
closed
4 months ago
2
6.1.3.2 Question: benefits of encrypting cookie contents in BFF security
#31
nike61
closed
4 months ago
1
IETF 118 followup review
#30
panva
closed
4 months ago
0
Added section on the security of in-browser communication flows
#29
iphoneintosh
closed
4 months ago
1
Fix minor editorial issues
#28
iphoneintosh
closed
4 months ago
0
security advantage BFF makes nonce based CSP possible
#27
damienbod
closed
7 months ago
1
Suggestion: add new section 6.1.3.3.3. Use Anti-forgery cookies
#26
damienbod
closed
4 months ago
5
6.1.4.3 Suggestion: change text and remove significant burden
#25
damienbod
closed
4 months ago
8
Added section on the threats of malicious JS
#24
philippederyck
closed
8 months ago
1
Restructured document
#23
philippederyck
closed
10 months ago
5
BFF proxy storing access tokens in browser as `HttpOnly` cookies
#22
johakoch
closed
1 year ago
2
review feedback: mitigating unregistering SW
#21
ymajoros
closed
1 year ago
0
review of latest feedbacks: restructuring, mitigating attack where a service worker is bypassed
#20
ymajoros
closed
1 year ago
4
about constricting all authentication to a service worker
#19
ymajoros
closed
1 year ago
1
about constricting all authentication to a service worker
#18
ymajoros
closed
1 year ago
0
about storing tokens in local or session storage
#17
ymajoros
closed
1 year ago
0
refactor: js client
#16
ymajoros
closed
1 year ago
0
reworked some architectural patterns
#15
ymajoros
closed
1 year ago
0
Add reference to TMI BFF as an additional variation on the BFF pattern
#14
aaronpk
closed
1 year ago
1
Introducing Service Worker. Refactored section about architectural pa…
#13
ymajoros
closed
1 year ago
1
Improve with backend
#12
kmzs
closed
3 years ago
0
Added note to use Secure cookie attribute to first architecture
#11
kmzs
closed
3 years ago
0
Improve code flow
#10
kmzs
closed
3 years ago
0
Improve implicit flow
#9
kmzs
closed
3 years ago
0
Improve without backend
#8
kmzs
closed
3 years ago
0
Security bcp update
#7
kmzs
closed
3 years ago
0
Update draft to cover latest changes of the security BCP
#6
kmzs
closed
1 year ago
5
Typos and minor fixes
#5
kmzs
closed
3 years ago
0
Clarify "JS apps with a backend"
#4
aaronpk
closed
2 years ago
0
Add architectural pattern of using a Service Worker as the OAuth client
#3
aaronpk
closed
1 year ago
2
Next