Tom Kersten
Tom Kersten
I'm also curious about this. It seems a new AuthRequest is made on every call to /oauth/authorize. Am I missing something?
@chrisjpowers You can register the IP address of your laptop as the URL for your receiver app when setting up/registering your Chromecast. I had it set up to pull from...
+1 Even in current state this is a nice addition. The people who are most interested/concerned with signed releases likely will either meet the remaining requirements in the list above...or...
Ah. Ok. I see the issue, I hadn't put the pieces around the client secret together before... Setting the expiration much further would definitely help, but woud not "resolve" the...
IDK. The simplest thing that comes to mind is recording a timestamp whenever an Anvil request takes place in localstorage. I'd have to think a bit more to come up...
Implicit: yes. I guess I wouldn't want the system to be running in "development" mode because I would want this behavior in "production" mode... The wording in the spec seems...
First, I want it to be clear I can do what @vsimonian suggests, and _I'm_ ok with it. However, it does feel a bit odd to me, would not be...
Actually, I can interpret this in two conflicting ways. > During the development phase, it would be ok for you to use a non-https endpoints, but on production, it is...
BTW, @vsimonian, nice work on reaching out to OIDC co-author. Also, the question/wording above could be applied to the OIDC spec instead of OAuth2 if necessary/more clear. ;)