OAuth for Browser-Based Apps Draft 12 • Aaron Parecki

44°F

OAuth WG
OAuth for Browser-Based Apps Draft 12

December 6, 2022
I just published a revised version of OAuth for Browser-Based Apps based on the feedback and discussion at IETF 115 London!

https://www.ietf.org/archive/id/draft-ietf-oauth-browser-based-apps-12.html

The primary changes are:
- Rephrased the architecture patterns to focus on token acquisition
- Added a new section about the various options available for storing tokens
- Added a section on sender-constrained tokens and a reference to DPoP
- Added a section discussing why not to use the Cookie API to store tokens
At this point there are no open issues on GitHub, and I have nothing else I am planning on adding to the document. Please review if you are interested and let me know if you have any further suggestions!
Portland, Oregon • 42°F

Tue, Dec 6, 2022 4:20pm -08:00 #oauth #ietf
Have you written a response to this? Let me know the URL:

Posted in /articles using quill.p3k.io