Victor

Then do not forget to change the links in the bottom of the app (source code, issues), just for the heck of it. Now it may be because I have...

One thing I noticed is that the minified and unminified sources seem to differ slightly in the objects/classes they expose. This was a bit hard to tackle while also trying...

One big downside of InMemoryWebStorage is that you are hitting the OP much more often and credentials are not shared between tabs on the same origin. So I would argue...

@baselbj - It is a consideration you need to make for your specific use case - Storing any credential in a browser has risks associated with it, however you do...

Both articles lean on the concept of splitting up the token and keeping part as a HttpOnly cookie and part in the FE application for authentication. The second article doesn't...

While the RFC is in draft it should not be used, it explicitly says so in the draft. While eventually something will be standardised, oauth2-server should refrain from adding uncertain/uncomplete...

Today while trying to get this discrepancy documented I reviewed the information in several specs and I think it is useful to clarify a few things. **The specification referenced by...

No worries - I have my own busy weeks too, obviously. My aim in going in this direction was definitely to keep the library spec compliant. I think there is...

We've been patching this in our fork and this looks to be doing what we need to. Any chance this can get reviewed/merged?

@Sephster As you said the access tokens are consumed by the resource server, and you think we might be violating the spec with these changes. I can see how you...