Implicit Flow

Steps

  1. The user navigates to the SPA, which redirects the user to the IdP to sign in.
  2. The user signs in (and authorizes the application, if needed).
  3. The IdP returns the user to the SPA with an Access Token and an ID Token.
  4. JavaScript code in the SPA stores the Access Token and ID Token in the browser's localStorage and sends the Access Token to the REST API server with every request it makes (usually as an `Authorization: Bearer <access token>` header).
  5. If needed, the REST API server checks the validity of the Access Token by talking to the IdP. (Often, signing the token in the IdP and verifying that signature in the API server is enough, so no communication with the IdP is actually necessary.)

NOTE: As of April 2019, the OAuth Working Group no longer recommends the use of Implicit Flow for most cases because there are better, more secure ways to accomplish the same things.
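The local check in step 5 is what lets the REST API server validate a bearer token without a round trip to the IdP. The following is an added example (not code from the original page or from any particular IdP): an IdP mints a signed JWT access token and the API server verifies it offline. The secret, issuer and audience values are constructed for this example, and HS256 (a shared HMAC key) is used only so the block runs self-contained; real IdPs typically sign with an asymmetric key such as RS256 and publish the public key, but the checks the API performs (signature, pinned algorithm, issuer, audience, expiry) are the same.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for this example; a real IdP uses an asymmetric signing key.
IDP_SECRET = b"example-idp-signing-key-not-for-production"
ISSUER = "https://idp.example"
API_AUDIENCE = "https://api.example"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_issue_access_token(subject: str, now: int, ttl: int = 300) -> str:
    """Step 3: the IdP mints a compact JWT (header.claims.signature) signed with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": API_AUDIENCE, "iat": now, "exp": now + ttl}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(IDP_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def api_validate_bearer(authorization_header: str, now: int) -> Optional[dict]:
    """Step 5: the REST API checks the bearer token locally and returns its claims,
    or None if any check fails. No call to the IdP is needed."""
    if not authorization_header.startswith("Bearer "):
        return None
    parts = authorization_header[len("Bearer "):].split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # bad base64 or bad JSON
        return None
    # Pin the algorithm the API expects; never let the token's own "alg" pick the verifier.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(IDP_SECRET, (header_b64 + "." + claims_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    # The token must come from our IdP and be intended for this API.
    if claims.get("iss") != ISSUER or claims.get("aud") != API_AUDIENCE:
        return None
    # Reject expired tokens (exp is a Unix timestamp; a token is invalid from exp onward).
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims


if __name__ == "__main__":
    now = int(time.time())
    token = idp_issue_access_token("alice", now)
    print(api_validate_bearer("Bearer " + token, now + 10))  # claims dict for alice
    print(api_validate_bearer("Bearer " + token, now + 600))  # None: expired
```

The API never trusts anything in the token until the signature has been checked against the key it already holds, so a token whose payload or header was altered in the browser (or that carries `alg: none`) is rejected before its claims are read for authorization decisions.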