author | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:50:47 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2019-03-31 18:50:47 +0300 |
commit | c3fb1165df74aa3e3a8ce18983f4c05721632780 (patch) | |
tree | 887661f48fb78a25d5b65f758cfc4b9eaa459f15 | |
parent | c26ee73aafd211365b3b8bb51ca4466887c9617e (diff) | |
download | ick.liw.fi-c3fb1165df74aa3e3a8ce18983f4c05721632780.tar.gz |
Add: note the browser is insecure
-rw-r--r-- | yuck.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -230,7 +230,9 @@ authentication. to authenticate themselves). * The facade holds the access token on behalf of an authenticated end - user. + user. The access token can't be given to the browser, since the + browser can't be assumed to be highly secure, from the point of view + of the relying party. * The facade talks to a backend, giving it the user's access token as proof of authentication and authorization. |
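Review bot: The added sentence on the facade bullet gives its reason only as "can't be assumed to be highly secure", which names no threat, and it does not say what the browser holds in place of the access token. Consider stating the concern concretely (for example, that a token kept in the browser is readable by script running in the page or by extensions) and adding a line on what the browser does receive, such as an opaque session identifier that the facade maps to the token it holds. It would also help to say which component "the relying party" is here, since the visible bullets name only the facade and the backend.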