Skip to main content

Token Mediating and session Information Backend For Frontend
draft-bertocci-oauth2-tmi-bff-01

Document Type Expired Internet-Draft (individual)
Authors Vittorio Bertocci , Brian Campbell
Last updated 2021-11-08 (Latest revision 2021-04-25)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text html xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:
https://www.ietf.org/archive/id/draft-bertocci-oauth2-tmi-bff-01.txt

Abstract

This document describes how a JavaScript frontend can delegate access token acquisition to a backend component. In so doing, the frontend can access resource servers directly without taking on the burden of communicating with the authorization server, persisting tokens, and performing complex operations within the user agent that would require configuration, error management and reliance on authorization server capabilities (such as refresh token rotation) that aren't widely available today.

Authors

Vittorio Bertocci
Brian Campbell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)