%% You should probably cite draft-ietf-oauth-browser-based-apps instead of this I-D.
%% This entry pins revision -01 of the draft, which is marked "Work in Progress"
%% (see the note field). Treat its token-handling guidance as non-final and check
%% the draft named above before relying on it.
@techreport{bertocci-oauth2-tmi-bff-01,
  author      = {Vittorio Bertocci and Brian Campbell},
  title       = {{Token Mediating and session Information Backend For Frontend}},
  type        = {Internet-Draft},
  number      = {draft-bertocci-oauth2-tmi-bff-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = apr,
  day         = 25,
  pagetotal   = 18,
  url         = {https://datatracker.ietf.org/doc/draft-bertocci-oauth2-tmi-bff/01/},
  note        = {Work in Progress},
  abstract    = {This document describes how a JavaScript frontend can delegate access token acquisition to a backend component. In so doing, the frontend can access resource servers directly without taking on the burden of communicating with the authorization server, persisting tokens, and performing complex operations within the user agent that would require configuration, error management and reliance on authorization server capabilities (such as refresh token rotation) that aren't widely available today.},
}