@aaronpk Thanks for all your very helpful OAuth materials, and especially for your IndieWeb work. Question: A lot of the complexity of OAuth seems to come from avoiding security issues with passing tokens in the address bar ("front channel"). 1/
Why not open a new tab for interacting with the auth server, while simultaneously opening a back channel request in the original session? Once the user has authenticated/authorized from the new tab, the back channel request would resolve. 2/
Replying to @anderspitman
There's also a new draft, Pushed Authorization Requests, which moves a bunch of the fragile bits out of the front channel. Similar but slightly different goal. tools.ietf.org/id/draft-lodd…

Jan 21, 2020 · 7:05 PM UTC