Implicit flow
Requirements
Public application types.
Setup
Client registration in the OAuth server.
Client receives ClientID.
Not regulated by OAuth.
Limitations
No client authentication.
No refresh tokens.
The resource owner uses a mobile or client-based web app: the client.
The client uses the resource server API to get a resource.
The resource server redirects the client to the OAuth server.
The OAuth server authenticates the resource owner and sends an access token to the client.
The client again uses the resource server API to get a resource, this time providing the access token.
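The client side of the steps above, as an added example (not code from the original page). The endpoint URLs, client ID and sample redirect are constructed; the `state` check and the token arriving in the URL fragment follow RFC 6749 section 4.2 and are not stated on this page.

```javascript
// Added example: browser-side handling of the implicit flow (RFC 6749, section 4.2).
// All endpoint URLs, the client ID and the sample redirect below are constructed.
const CONFIG = {
  authorizeEndpoint: "https://auth.example.com/authorize", // assumption
  clientId: "demo-client-id",                              // assumption: ClientID from registration
  redirectUri: "https://app.example.com/callback",         // assumption
};

// Random, single-use value that ties the response to the request that started it (Web Crypto).
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Authorization request: only the ClientID identifies the client, no secret is sent.
function buildAuthorizationUrl(cfg, state) {
  const url = new URL(cfg.authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    state,
  }).toString();
  return url.toString();
}

// Parse the redirect back to the client. The token arrives in the URL fragment.
function parseImplicitResponse(redirectedUrl, expectedState) {
  const params = new URLSearchParams(new URL(redirectedUrl).hash.slice(1));
  if (params.get("error")) throw new Error("authorization failed: " + params.get("error"));
  if (!expectedState || params.get("state") !== expectedState) throw new Error("state mismatch");
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("no access_token in fragment");
  if ((params.get("token_type") || "").toLowerCase() !== "bearer") throw new Error("unexpected token_type");
  return { accessToken, expiresIn: Number(params.get("expires_in")) || null };
}

// Header for the second call to the resource server API.
function authorizationHeader(token) {
  return { Authorization: "Bearer " + token.accessToken };
}

// Constructed sample redirect, as the client would see it after authentication.
const SAMPLE_STATE = "3f9a1c0de4b2";
const SAMPLE_REDIRECT = CONFIG.redirectUri +
  "#access_token=constructed-token-123&token_type=bearer&expires_in=3600&state=" + SAMPLE_STATE;
const token = parseImplicitResponse(SAMPLE_REDIRECT, SAMPLE_STATE);
console.log(buildAuthorizationUrl(CONFIG, SAMPLE_STATE), authorizationHeader(token));
```

Because there are no refresh tokens, the client has to repeat the authorization request once `expiresIn` has elapsed.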