Chad leads engineering for the Banno platform at Jack Henry & Associates where he builds modern online banking experiences for US banks using web components.
@cramforce My favorite task is to work on core vitals scores for our app for this very reason. Another good one is to improve automated tests. Nobody gives love to test suites.
@cramforce I 100% agree. The one-sided crusade to destroy them directly affects multiple integrations that used them only for positive outcomes (AKA not tracking). I just want auth to work in my iframes ...
Did you know that import maps can be used to solve the waterfall problem and improve caching for your PWA? Our apps are now shipping import maps to production to address this. https://t.co/gbYTSEfZVB
After working on a large ES module project that runs 100% in a modern browser without a build first, switching to anything that requires a build step for development makes me groan.
Over 4 million bank and credit union customers on the @BannoJHA platform can now log in to their online banking site using biometrics thanks to #WebAuthN. Can your bank do that?
#WebAuthN for primary factor logins was an incredibly challenging project. We spent a lot more time talking about the use cases than actually implementing it. You can read more about what makes it difficult at https://t.co/nBKddeBskS
@MykeBates @dbkahn Without the protection of the HTTPOnly flag on cookies and without a content security policy any such auth token is very susceptible to theft.
With the upcoming end of 3rd party cookies I am seeing a rise in cookieless auth solutions, particularly for framed content. These same apps rarely have a content security policy. I foresee this going very badly.
@cramforce @tokumin Prompting in app to update helps along with the ability to force an update. For security reasons our apps allow forced updates but we try to avoid using that feature.
@jakedolan Google Assistant acts as the OAuth client and calls a 3rd party OAuth server. It has very very few options. It's the Google client that doesn't support PKCE.