Curity proposes a new IETF standard to secure Single Page Applications with OAuth

At IETF 101 in London, we were presenting the recently suggested RFC to the OAuth working group that will allow developers to secure their SPA in a standardized way. Until now, there hasn’t been a way in OAuth for clients to request user authorization when using scripting languages such as JavaScript. The Assisted Token flow leverages HTML’s iframe element, child windows, and the postMessage interface and is a way simpler approach compared to building your own solution based upon the with the implicit grant type flow. The proposed RFC is found here