I was thinking about improving security when making use of the cookie store and was wondering if we could make use of HttpOnly cookies when using ember-simple-auth, and it seems that it actually is possible.

But to provide a little background first, this is what the owasp session management cheatsheet contains

Add native Expo Google API integration for login as a module next to WebBrowser implementation, e.g. auth/expo-google next to auth/google
Relevant docs:
https://docs.expo.io/versions/v31.0.0/sdk/google

Is your feature request related to a problem? Please describe.

I am trying to build an OpenID provider only, I do not really have any resources to which one would delegate access to. So I do not need OAuth provider, just OpenId provider. The issue is that currently documentation/example just says that OAuth handlers have to be registered before OpenId ones, but does not explain which are th

I'm working on authenticating with Bungie to do fun things with the Destiny API. In their OAuth documentation here, they specify the parameters to be used when POSTing to their token exchange endpoint, one of which is grant_type:

grant_type: Value must be set to “authorization_code”.

Inside of exchangeForToken() it