Implicit Grant
Implicit Grant flow is an alternative for Authorization Code flow. This flow instead of obtaining securecode just receives access_token in query string fragment. It's indented for client-side apps use in order to access an API, typically as Web SPA applications. For more detailed information, read OAuth 2.0 specification.
getAuthorization Endpoint
get
[base]/auth/authorize
Obtaining access token
Request
Response
Request
Query Parameters
state
optional
string
a value used by the client to maintain state between the request and callback
scope
optional
string
scope of the access request
redirect_uri
optional
string
client redirect URI
client_id
required
string
client ID
response_type
required
string
value MUST be set to
tokenResponse
302: Found
Redirect
[redirect_uri]#access_token=YzI3ZjQ1M2MtYzFlYi00ZjI3LWI2MzgtOTQ0MWI0ZmIzZjBi&state=eyJoYXNoIjoiIy9pbXBsaWNpdC9iYXNpYyIsImZvcm0tZGF0YSI6eyJ0eXBlIjoiYmFzaWMiLCJiYXNpYyI6eyJjbGllbnQtaWQiOiJpbXAtY2xpZW50In19LCJmb3JtLXBhdGgiOiJpbXBsaWNpdC1wYWdlIn0%3D
After this request resource owner (user) will be redirected to Log-in/Sign-up page.
Next step is granting access to the client:
After granting access user is redirected to the redirect_uri from the client configuration with access_token in query string fragment.
Create client
Create client
POST /Client​id: imp-clientresourceType: Clientgrant_types:- implicitauth:implicit:redirect_uri: http://localhost:3449/auth.html
Request access token
Response
Request access token
curl -X GET \'http://localhost:8081/auth/authorize?state=example&client_id=imp-client&redirect_uri=http%3A%2F%2Flocalhost%3A3449%2Fauth.html&response_type=token'
Response
HTTP/1.1 302 Found​Location: http://localhost:3449/auth.html#access_token=ZGE0ZmQzZTYtOGU0OC00MDJhLWFkN2ItZTg5ZmViYjdmNTQ2&state=example
1
Last updated 3 months ago