{"id":4880,"date":"2016-03-30T09:37:41","date_gmt":"2016-03-30T15:37:41","guid":{"rendered":"http:\/\/allidm.com\/blog\/?p=4880"},"modified":"2016-03-30T09:41:38","modified_gmt":"2016-03-30T15:41:38","slug":"oauth2-the-implicit-flow-aka-as-the-client-side-flow","status":"publish","type":"post","link":"https:\/\/allidm.com\/blog\/oauth2-the-implicit-flow-aka-as-the-client-side-flow\/","title":{"rendered":"OAuth2: the Implicit Flow, aka as the Client-Side Flow"},"content":{"rendered":"<h2>OAuth2: the Implicit Flow, aka as the Client-Side Flow<\/h2>\n<p>The Implicit Flow (some also call it the Implicit Grant Flow) gets its name because the required access token is sent back to the client application without the need for an authorization request token. This makes the whole flow pretty easy, but also less secure. Because the client application, typically JavaScript running within a browser, is less trusted, no refresh tokens for long-lived access are returned. You should use this flow for client-side web applications (JavaScript clients) that need temporary access (a few hours) to the user\u2019s data. Returning an access token to JavaScript clients also means that your browser-based application needs to take special care \u2013 think of XSS (Cross-Site Scripting) attacks that could leak the access token to other systems.
<\/p>\n<p>Read more at &#8211; <a href=\"http:\/\/labs.hybris.com\/2012\/06\/05\/oauth2-the-implicit-flow-aka-as-the-client-side-flow\/\" target=\"_blank\">OAuth2: the Implicit Flow, aka as the Client-Side Flow<\/a><\/p>\n<p><a href=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png\" rel=\"attachment wp-att-4613\"><img data-recalc-dims=\"1\" decoding=\"async\" data-attachment-id=\"4613\" data-permalink=\"https:\/\/allidm.com\/blog\/logmote-has-launched-its-unified-authentication-single-sign-on-sso-solution-into-the-global-security-market\/allidm-identityaccessmanagement\/#main\" data-orig-file=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png?fit=10%2C10&amp;ssl=1\" data-orig-size=\"10,10\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Allidm Identity Access Management Post Image\" data-image-description=\"&lt;p&gt;Identity and Access Management Post Image&lt;\/p&gt;\n\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png?fit=10%2C10&amp;ssl=1\" loading=\"lazy\" src=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2015\/11\/Allidm-IdentityAccessManagement.png?resize=10%2C10\" alt=\"Allidm Identity Access Management Post Image\" width=\"10\" height=\"10\" class=\"alignnone size-full wp-image-4613\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OAuth2: the Implicit Flow, aka as the Client-Side Flow The Implicit Flow (some call 
it Implicit Grant Flow, too) is called like that, as the required access token is sent back to the client application without the need for an authorization request token. This makes the whole flow pretty easy, but also less secure. As [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[210,6,43],"tags":[1521,1520],"class_list":["post-4880","post","type-post","status-publish","format-standard","hentry","category-cloud-2","category-news","category-iam-identity-solutions","tag-iam-js","tag-iam-oauth2"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p25vfy-1gI","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/4880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/comments?post=4880"}],"version-history":[{"count":2,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/4880\/revisions"}],"predecessor-version":[{"id":4882,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/4880\/revisions\/4882"}],"wp:attachment":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media?parent=4880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/categories?post=4880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\
/wp\/v2\/tags?post=4880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}