Implicit Grant flow. Supported but not recommendted to use
Implicit flow is not recommended to use since there is a risk of leaking access token without any confirmation it was received by the client. More over, some servers prohibit this flow entirely. Aidbox supports Implicit Grant flow but we don't enjoy it very much.
Implicit Grant flow is an alternative for Authorization Code flow. This flow just receives
access_tokenin query string fragment instead of obtaining secure
code. It's indented for client-side apps use in order to access an API, typically as Web SPA applications. For more detailed information, read OAuth 2.0 specification.
After this request, the resource owner (user) will be redirected to Log-in/Sign-up page.
Next step is granting access to the client:
After granting access the user is redirected to the redirect_uri from the client configuration with
access_tokenin query string fragment.
Request access token
curl -X GET \
HTTP/1.1 302 Found