Matt Randall

Results: 6 comments by Matt Randall

@vishparshav - In your example, both domains share an eTLD+1 and are thus considered to be "samesite". For purposes of third-party cookie phaseout, "third-party" means domains that are not "samesite"....

> This is an example similar to what we have on our side where you can consider call being made to https://gold-uncovered-headline.glitch2.me/ metaphorically and I am seeing the cookies being...

Hi @Sora2455,

> Push Notifications that don't show visible notifications to the user are currently disallowed in all browsers, and I don't see that changing.

I'll clarify what I was...

Section 5.4 of the OIDC specification would imply a UserInfo endpoint would be required when supporting the _profile_ scope (as an access token is returned in all SMART authorization workflows)....

@isaacvetter - I'd agree that returning the values in the id_token is both simple and secure. - I'd also agree it's difficult to determine if it is or isn't valid...

The only clarifications that I think may need to be addressed are:

- What does requesting the "profile" scope return? Is it the demographics in the id_token and/or the user's...