You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Give guidance that enforcement of same device use of the protocol is something the authorization server should do, in addition to a design time constraint.
From Roy Williams:
At the end of section (5) there is a paragraph that talks about limiting Cross-device protocols on the same device. It does not seem to be something that a client could\would know about when let’s say YouTube TV requests auth and it ends up on Authenticator on the same device. In theory this would then be the Authenticator Service’s Job to determine this situation and respond with a well known pattern to drive the client to engage in a local oath call directly to authenticator.
Give guidance that enforcement of same device use of the protocol is something the authorization server should do, in addition to a design time constraint.
From Roy Williams:
Full feedback here: https://mailarchive.ietf.org/arch/msg/oauth/wC0iOyc9bPxcvv8OmnAt0EcKw6I/
The text was updated successfully, but these errors were encountered: