Cross Browser SSO?

Cantor, Scott cantor.2 at
Thu May 9 19:29:56 EDT 2019

On 5/9/19, 4:59 AM, "users on behalf of Harald Strack" <users-bounces at on behalf of hstrack at> wrote:

> Voila, SSO accomplished. What do you think? Would this be a decent 
> working architecture or should we avoid such a solution?

I think you should avoid trying to invent a protocol. Throwing bearer tokens around is a good way to end up with a serious security problem. If you want a better experience, I'd look at something like U2F or WebAuthn with more well-understood security properties.

-- Scott
