Well, that’s very unfortunate and very surprising to say the least.
Is there any way to turn an existing (valid) token into a browser session? For instance pass it as a query parameter to the popout html?
Something like:
Or maybe include it as an HTTP header somehow?