[Openid-specs-ab] Browser Interactions STC - Meeting Notes - 2021-06-30

Brock Allen brockallen at gmail.com
Mon Jul 5 15:35:09 UTC 2021

Thanks for the write up, Tim.

General question I've been meaning to ask for the past few months -- I notice a bunch of effort is being put into thinking about the iframe scenarios (OIDC front-channel logout, JS token renewal, JS check session notification).

Given that some browsers have already broken those scenarios, why would anyone keep putting effort into them? If ~10%+ of your user base can't use these features given their browser preference, then as an application/identity architect I'd conclude that I can't use them at all in my design.

My current thinking is that if you have a cross-site IdP, then your web app must have a back-end, use refresh tokens, and back-channel logout to simply function these days.

What am I missing?

On 6/30/2021 3:54:09 PM, Tim Cappalli via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Hey all,  
Here are the meeting notes from today's special topic call. Please feel free to add or correct anything. 
openid / connect / wiki / Browser Interactions Special Topics Call - 20210630 — Bitbucket [https://bitbucket.org/openid/connect/wiki/Browser%20Interactions%20Special%20Topics%20Call%20-%2020210630]

Next meeting is in two weeks on July 14th (UTC). 