Implicit Grant

Description

The Implicit Grant flow is an alternative to the Authorization Code flow. Instead of obtaining an authorization code, the client receives the access_token directly in the URL fragment of the redirect. It is intended for client-side apps that need to access an API, typically web SPA applications. For more detailed information, read the OAuth 2.0 specification.
Basic scheme
GET [base]/auth/authorize
Authorization Endpoint
After this request, the resource owner (user) is redirected to the Log-in/Sign-up page.
The next step is granting access to the client.
After granting access, the user is redirected to the redirect_uri from the client configuration, with the access_token in the URL fragment.

Example

Create client
POST /Client
Accept: text/yaml
Content-Type: text/yaml

id: imp-client
resourceType: Client
grant_types:
- implicit
auth:
  implicit:
    redirect_uri: http://localhost:3449/auth.html
Request access token
curl -X GET \
  'http://localhost:8081/auth/authorize?state=example&client_id=imp-client&redirect_uri=http%3A%2F%2Flocalhost%3A3449%2Fauth.html&response_type=token'
Response
HTTP/1.1 302 Found
Location: http://localhost:3449/auth.html#access_token=ZGE0ZmQzZTYtOGU0OC00MDJhLWFkN2ItZTg5ZmViYjdmNTQ2&state=example
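Client-side handling of the redirect
The following is an added example, not code from the original page or from the project it documents. It shows how the page at redirect_uri can build the authorize request and read the token back from the URL fragment, rejecting a response whose state does not match. The helper names buildAuthorizeUrl and parseImplicitRedirect are hypothetical.

```javascript
// Sample redirect taken from the response shown on this page.
const SAMPLE_REDIRECT =
  'http://localhost:3449/auth.html' +
  '#access_token=ZGE0ZmQzZTYtOGU0OC00MDJhLWFkN2ItZTg5ZmViYjdmNTQ2&state=example';

// Build the GET [base]/auth/authorize URL for the implicit flow.
// `base` is assumed to be an origin such as http://localhost:8081.
function buildAuthorizeUrl(base, clientId, redirectUri, state) {
  const url = new URL('/auth/authorize', base);
  url.search = new URLSearchParams({
    state,                      // use an unpredictable per-request value in practice
    client_id: clientId,
    redirect_uri: redirectUri,  // percent-encoded by URLSearchParams
    response_type: 'token',
  }).toString();
  return url.toString();
}

// Parse the URL the user lands on after granting access.
// The token travels in the fragment (after '#'), so it is never sent
// to the server that hosts auth.html; only script on the page sees it.
function parseImplicitRedirect(redirectedUrl, expectedState) {
  const fragment = new URL(redirectedUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);

  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  // Require a stored state and an exact match, so that a response the
  // client never asked for cannot plant a token (missing == missing
  // must not count as a match).
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('no access_token in fragment');
  }
  return { accessToken, state: expectedState };
}
```

In the browser, call parseImplicitRedirect(window.location.href, savedState) on auth.html, where savedState is the value stored before the redirect. Then call history.replaceState(null, '', window.location.pathname) so the token does not stay in the address bar or history.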