Skip to main content

Token Mediating and session Information Backend For Frontend

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Vittorio Bertocci , Brian Campbell
Last updated 2021-11-08 (Latest revision 2021-04-25)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes how a JavaScript frontend can delegate access token acquisition to a backend component. In so doing, the frontend can access resource servers directly without taking on the burden of communicating with the authorization server, persisting tokens, and performing complex operations within the user agent that would require configuration, error management and reliance on authorization server capabilities (such as refresh token rotation) that aren't widely available today.


Vittorio Bertocci
Brian Campbell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)