I've read on multiple pages that hidden iFrames are used for silent authentication, but I couldn't figure out yet why. What are the benefits to using an iFrame over directly sending a GET Request to the Identity Server?
It's a convenient way to get around the Single-Origin-Policy in the browser when we want to do cross-origin requests (across domains).
This was a popular approach when we didn't have the more modern CORS feature to get around the SOP-policy.
Here's some additional resources about this: