86°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • mallory, alice & bob https://twitter.com/stommepoes   •   Jun 10
    @aaronpk hi! I'm curious if you have thoughts on what this post explores https://infi.nl/nieuws/spa-necromancy/

    (also yay, PSL and cookies. <-- This needs a real solution in the next several years.)
    Aaron Parecki
    I don't see a mention of the "easy" option of just redirecting to the IdP to get a new token. With a well-configured IdP, that redirect step is almost instantaneous. And if you say it's not, chances are the fault is with the SPA loading too slow, so go fix that first.
    Portland, Oregon • 67°F
    Wed, Jun 10, 2020 10:15am -07:00
    3 replies
    • mallory, alice & bob twitter.com/stommepoes
      The article's first problem, I figured it's not awful to just ask users to re-auth. But it mentions the "Other similar things will break too". Redirects for those would still be a good direction to look?
      Wed, Jun 10, 2020 5:20pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      There's always a risk using query strings so it depends on what it's for. This is also only affecting cookies so you can still make API requests across domains if things are set up right.
      Wed, Jun 10, 2020 5:20pm +00:00 (via brid-gy.appspot.com)
    • mallory, alice & bob twitter.com/stommepoes
      I might ask the author if they're avoiding that for some reason. Thanks. I'm still learning this whole area myself. Am I okay feeling weird about using query strings for comms between 2 domains, or are these just normal and don't have anything really valuable with them alone?
      Wed, Jun 10, 2020 5:18pm +00:00 (via brid-gy.appspot.com)
Posted in /replies using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv