stommepoes · Jun 10, 2020 · 5:00 PM UTC

stommepoes

stommepoes @stommepoes

10 Jun 2020

@aaronpk hi! I'm curious if you have thoughts on what this post explores infi.nl/nieuws/spa-necromanc… (also yay, PSL and cookies. <-- This needs a real solution in the next several years.)

SPA Necromancy

infi.nl

Aaron Parecki · Jun 10, 2020 · 5:15 PM UTC

Aaron Parecki · Jun 10, 2020 · 5:15 PM UTC

Aaron Parecki @aaronpk

10 Jun 2020

Replying to @stommepoes

I don't see a mention of the "easy" option of just redirecting to the IdP to get a new token. With a well-configured IdP, that redirect step is almost instantaneous. And if you say it's not, chances are the fault is with the SPA loading too slow, so go fix that first.

Jun 10, 2020 · 5:15 PM UTC

stommepoes · Jun 10, 2020 · 5:18 PM UTC

stommepoes @stommepoes

10 Jun 2020

Replying to @aaronpk

I might ask the author if they're avoiding that for some reason. Thanks. I'm still learning this whole area myself. Am I okay feeling weird about using query strings for comms between 2 domains, or are these just normal and don't have anything really valuable with them alone?

stommepoes · Jun 10, 2020 · 5:20 PM UTC

stommepoes @stommepoes

10 Jun 2020

The article's first problem, I figured it's not awful to just ask users to re-auth. But it mentions the "Other similar things will break too". Redirects for those would still be a good direction to look?