@aaronpk hi! I'm curious if you have thoughts on what this post explores infi.nl/nieuws/spa-necromanc… (also yay, PSL and cookies. <-- This needs a real solution in the next several years.)
I don't see a mention of the "easy" option of just redirecting to the IdP to get a new token. With a well-configured IdP, that redirect step is almost instantaneous. And if you say it's not, chances are the fault is with the SPA loading too slow, so go fix that first.
I might ask the author if they're avoiding that for some reason. Thanks. I'm still learning this whole area myself. Am I okay feeling weird about using query strings for comms between 2 domains, or are these just normal and don't have anything really valuable with them alone?
Replying to @stommepoes
There's always a risk using query strings so it depends on what it's for. This is also only affecting cookies so you can still make API requests across domains if things are set up right.

Jun 10, 2020 · 5:20 PM UTC