- From: Daniel Rubery <notifications@github.com>
- Date: Wed, 20 Aug 2025 16:04:45 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 20 August 2025 23:04:49 UTC
drubery left a comment (w3ctag/design-reviews#1052) I also received feedback from Snap, one of our Origin Trial participants. Their feedback: > We've basically implemented DBSC as a wrapper to a single endpoint that is already doing a token refresh flow. So in our current state, I think it would be possible to integrate with their proposal, however it seems like a worse model than what has already been implemented. We were able to implement DBSC without involving a ton of other web teams at Snap because it's encapsulated and abstracted well. By exposing this extra state to the application, it seems much more complex since you introduce a new failure mode that needs to be recovered explicitly to every client api. The current implementation abstracts the deferral and refresh from the client application in a way that it doesn't need to handle a new failure mode, since a failed refresh is already the same state as an invalid session for any other reason. That suggests we are accomplishing our goal of substantially lowering the bar to adoption by moving complexity into the browser. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1052#issuecomment-3208321722 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1052/3208321722@github.com>
Received on Wednesday, 20 August 2025 23:04:49 UTC