OAUTH2 User Agent via Window Post Message
Session topic: UserAgent flow based on Windows Post Message (W4A)
Convener: Breno de Medeiros
Notes-taker(s): Breno de Medeiros
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
- Define the JS-binding-aware provider behavior to be able to handle the multiple request by preferring the postmessage variant.
- Have the JS libraries configured to handle either behavior automatically, with minimum configuration of an additional static servlet for providers that require a fixed pre-registered Uri, and very simple additional client side configuration to define the client.
Native app extension:
- Extend the postmessage flow to native apps using custom URI schemes.
I was asked to provide a link to a forum for further discussion. I created a Google group where we can start this conversation until we have an umbrella WG in a receptive spec community. https://groups.google.com/forum/#!forum/oauth2-postmessage-profile