Implicit Grant
Description
Implicit Grant flow is an alternative for Authorization Code flow. This flow just receives access_token
in query string fragment instead of obtaining securecode
. It's indented for client-side apps use in order to access an API, typically as Web SPA applications. For more detailed information, read OAuth 2.0 specification.
Authorization Endpoint
GET
[base]/auth/authorize
Obtaining access token
Query Parameters
Name | Type | Description |
---|---|---|
state | string | a value used by the client to maintain state between the request and callback |
scope | string | scope of the access request |
redirect_uri | string | client redirect URI |
client_id | string | client ID |
response_type | string | value MUST be set to |
After this request, the resource owner (user) will be redirected to Log-in/Sign-up page.
Next step is granting access to the client:
After granting access the user is redirected to the redirect_uri from the client configuration with access_token
in query string fragment.
Example
Last updated