<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">Those are already broken for a long time, aren't they?</span><br><br><div dir="ltr">Sent from my iPhone</div><div dir="ltr"><br><blockquote type="cite">On Mar 25, 2020, at 22:54, Brock Allen via Openid-specs-ab <openid-specs-ab@lists.openid.net> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div id="__MailbirdStyleContent" style="font-size: 10pt;font-family: Lucida Console;color: #000000"><div><span style="font-size: 13.3333px">These recent changes (and how Brave is implemented) really means that clients written in the browser as JavaScript can't use OIDC.</span></div><div><span style="font-size: 13.3333px"><br></span></div><div><span style="font-size: 13.3333px">* iframe token renewal is broken</span></div><div><span style="font-size: 13.3333px">* check_session endpoint is broken</span></div><span style="font-size: 13.3333px"><div><span style="font-size: 13.3333px"><br></span></div>https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/</span><div><br></div><div><span style="font-size: 13.3333px">https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/</span></div><div><br></div><div>Thoughts?</div><div><div><br></div><div class="mb_sig">-Brock<div><br></div></div></div></div><span>_______________________________________________</span><br><span>Openid-specs-ab mailing list</span><br><span>Openid-specs-ab@lists.openid.net</span><br><span>http://lists.openid.net/mailman/listinfo/openid-specs-ab</span><br></div></blockquote></body></html>