Implicit Grant
Implicit Grant flow. Supported but not recommendted to use
Last updated
Implicit Grant flow. Supported but not recommendted to use
Last updated
Implicit flow is not recommended to use since there is a risk of leaking access token without any confirmation it was received by the client. More over, some servers prohibit this flow entirely. Aidbox supports Implicit Grant flow but we don't enjoy it very much.
It is better to switch to Authorization Code Grant with PKCE extension instead
Implicit Grant flow is an alternative for Authorization Code flow. This flow just receives access_token
in query string fragment instead of obtaining securecode
. It's indented for client-side apps use in order to access an API, typically as Web SPA applications. For more detailed information, read OAuth 2.0 specification.
The easiest way to test Implicit Grant flow is to run through the Aidbox Sandbox UI (Auth -> Sandbox -> Implicit).
GET
[base]/auth/authorize
Obtaining access token
state
string
a value used by the client to maintain state between the request and callback
scope
string
scope of the access request
redirect_uri
string
client redirect URI
client_id
string
client ID
response_type
string
value MUST be set to
token
After this request, the resource owner (user) will be redirected to Log-in/Sign-up page.
Next step is granting access to the client:
After granting access the user is redirected to the redirect_uri from the client configuration with access_token
in query string fragment.