features.webMessageResponseMode

draft-sakimura-oauth-wmrm-01 - OAuth 2.0 Web Message Response Mode

Note

This is an experimental feature.

Specifies whether Web Message Response Mode capabilities shall be enabled. When enabled, the authorization server shall support the web_message response mode for returning authorization responses via HTML5 Web Messaging. The implementation shall support only Simple Mode operation; authorization requests containing Relay Mode parameters will be rejected.

recommendation: Although a general advice to use a helmet (e.g. for express, koa) it is especially advised for your interaction views routes if Web Message Response Mode is enabled in your deployment. You will have to experiment with removal of the Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers at various endpoints throughout the authorization request end-user journey to finalize this feature.

default value:

{
  ack: undefined,
  enabled: false
}

---