Releases: oauth-wg/oauth-browser-based-apps
Draft 22: Addressing AD review
- Addressed AD review (#64)
- Moved RFC6819 reference to informal
- Added missing references from prose
- Replaced references to living standards with references to snapshots
Updated references
draft-ietf-oauth-browser-based-apps-21 fixed references from shepherd writeup review
Draft 19
- Updated references
Draft 18
- Addressed last call comments from Justin Richer and Andy Barlow
- Updated description of the benefits of Token-Mediating Backend pattern
- Added SVG diagrams in HTML version
- Added privacy considerations for BFF pattern
- Consistent use of "grant type", "grant" and "flow"
Draft 17
What's Changed
- more silent frame edits by @panva in #33
- 6.1.3.3.3. Use Anti-forgery/double submit cookies by @damienbod in #34
- Moved new section on in-browser flows by @philippederyck in #38
- Addressed comments from Elar Lang by @philippederyck in #37
- Reworded significant burden by @philippederyck in #36
- Reworded text based on PR comments by @philippederyck in #39
New Contributors
- @damienbod made their first contribution in #34
Full Changelog: draft-ietf-oauth-browser-based-apps-16...draft-ietf-oauth-browser-based-apps-17
Draft 16
- Applied editorial changes from Filip Skokan and Louis Jannett
- Clarified when cookie encryption applies
- Added a section with security considerations on the use of postMessage
Draft 15
Huge thanks to @philippederyck for the massive amount of work that went into this update!
- Restructured document to have top-level recommended and discouraged architecture patterns
- Consolidated guidelines for public JS clients in a single section
- Added more focus on best practices at the start of the document
- Added Philippe De Ryck as an author
Draft 13
- Corrected some uses of "DOM"
- Consolidated CSRF recommendations into normative part of the document
- Added links from the summary into the later sections
- Described limitations of Service Worker storage
- Minor editorial improvements
Draft 12
draft-ietf-oauth-browser-based-apps-12 update changelog
Draft 11
- Added a new architecture pattern: Token Mediating Backend
- Revised and added clarifications for the Service Worker pattern
- Editorial improvements in descriptions of the different architectures
- Rephrased headers and rearranged some sections