[OAUTH-WG] best practices for storing access token for implicit clients

Doug Tangren <d.tangren@gmail.com> Thu, 30 June 2011 19:45 UTC

What is the current recommended practice of storing an implicit client's
access_tokens? LocalStorage, in mem and re-request auth on every browser
refresh?

-Doug Tangren
http://lessis.me