Re: [w3ctag/design-reviews] FedCM Auto Re-authentication API (Issue #813)

@maxpassion and I looked at this during our Tokyo F2F. One question that came up is about getting user consent for the re-auth flow. It seems like in addition to the RP opting in to this flow, perhaps the user should also have the option to (or be required to) opt in during the initial login flow, e.g. when prompted for initial permissions, have the choice of 'Remember me' or 'Only for this session' or such. Our concern is if a user uses FedCM to log in to a service on a public terminal, would the next person using the same terminal be able to sign back in to the original service without knowing the user's credentials? (Or at least gain some knowledge about the previous user having an account on the service and possibly login name.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/813#issuecomment-1515733897

Message ID: <w3ctag/design-reviews/issues/813/1515733897@github.com>

Received on Thursday, 20 April 2023 05:26:22 UTC