Support 'Web Message' Response Type
matty234 opened this issue
Matt Brown commented
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Cloud project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
The web message response type is used by commercial OAuth2 services (such as Auth0) to support token retrieval without requiring the browsing context to change.
Describe your ideal solution
The ideal solution would be for HTML containing the WebMessage script (with a specific origin matching the redirect URL) to be returned when the response_type is set to web_message.
The approach could be restricted to only public clients using PKCE to prevent misuse?
Workarounds or alternatives
Version
v0.42.1
Additional Context
No response
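An added example, not part of the issue and not Ory Hydra code, of the response described above: the server returns HTML whose script posts the result only to the origin of the registered redirect URL, and the requesting page checks the sender before accepting it. The function names, the `client`/`request` field names and the message shape `{ type, response: { code, state } }` are assumptions for illustration.

```javascript
// Added example, not Ory Hydra code. Field names and the message shape
// { type, response: { code, state } } are assumptions for illustration.

// The only origin allowed to receive the message is the origin of the
// client's registered redirect URL; there is no fallback to "*".
function targetOriginFor(redirectUri) {
  const origin = new URL(redirectUri).origin;
  // Custom schemes (e.g. app://cb) serialize to the opaque origin "null".
  if (origin === 'null') throw new Error('redirect URL has no web origin');
  return origin;
}

// JSON for embedding in <script>: escaping "<" stops a "</script>" inside
// state or code from terminating the script element early.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/</g, '\\u003c');
}

// Authorization server side: HTML returned instead of a redirect.
function renderWebMessageResponse(client, request, code) {
  if (!client.public || !request.codeChallenge) {
    throw new Error('web message is limited to public clients using PKCE');
  }
  const message = {
    type: 'authorization_response',
    response: { code, state: request.state },
  };
  return '<!DOCTYPE html><html><body><script>' +
    '(window.opener || window.parent).postMessage(' +
    jsonForScript(message) + ', ' +
    jsonForScript(targetOriginFor(client.redirectUri)) + ');' +
    '</script></body></html>';
}

// Client side: body of the page's "message" event handler. event.origin is
// the sender, so it is compared with the authorization server's origin.
function acceptAuthorizationMessage(event, serverOrigin, expectedState) {
  if (event.origin !== serverOrigin) return null;
  const data = event.data;
  if (!data || data.type !== 'authorization_response') return null;
  if (!data.response || data.response.state !== expectedState) return null;
  return data.response.code;
}
```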
hackerman commented
Please see #658 (review)