Has anyone using this library explored using it in conjuction with service workers for handling a public app refresh token?
So I've been exploring different approaches to securing a refresh token on a public app. Currently from my readings the best recommended approach is to use a Backend For Frontend (BFF) OAuth2 proxy, but there is a draft IETF Best Current Practices (BCP) that discusses using a browser ServiceWorker as an alternative proxy for holding and maintaining a refresh token.
It looks like the library would need to be adapted to use the service worker Cache to manipulate and deal with the access and refresh token properties since service workers can't access sessionStorage or localStorage. I'd be interested in helping to code this up, if this seems like it'd be a viable option for the library. If it doesn't fit the scope of this library, just let me know :)
Has anyone using this library explored using it in conjuction with service workers for handling a public app refresh token?
So I've been exploring different approaches to securing a refresh token on a public app. Currently from my readings the best recommended approach is to use a Backend For Frontend (BFF) OAuth2 proxy, but there is a draft IETF Best Current Practices (BCP) that discusses using a browser ServiceWorker as an alternative proxy for holding and maintaining a refresh token.
I'm wondering if anyone leveraging this library has explored that approach? The IETF BCP link is here: https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-12.html#name-acquiring-tokens-from-a-ser
It looks like the library would need to be adapted to use the service worker Cache to manipulate and deal with the access and refresh token properties since service workers can't access sessionStorage or localStorage. I'd be interested in helping to code this up, if this seems like it'd be a viable option for the library. If it doesn't fit the scope of this library, just let me know :)