Is this a correct and good explanation of why the Implicit Flow is being used? http://stackoverflow.com/questions/13387698/why-is-there-an-authorization-code-flow-in-oauth2-when-implicit-flow-works-s
The implicit flow is only possible in a browser environment because of security reasons:
You want to allow developers to use a non-HTTPS redirect URI because not all developers have an SSL-enabled server, and if they do, it's not always properly configured.
You don't want hackers to be able to steal access/refresh tokens by intercepting requests.
In the implicit flow, the access token is passed as a hash fragment. Browsers will pass the hash fragment directly to the destination webpage/the redirect URI, which is the client's webpage, so you have to read the hash fragment using JavaScript. The hash fragment cannot be intercepted by intermediary servers/routers.
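An added example (not part of the original issue or of the quoted Stack Overflow answer) of the client side of what the quoted text describes: the page at the redirect URI reads the access token from the hash fragment in JavaScript. The function name `parseImplicitRedirect`, the `state` check and the sample URL are assumptions for illustration, and the sample values are constructed.

```javascript
// Added example: client-side handling of an implicit-flow redirect.
// parseImplicitRedirect and the sample URL are hypothetical; values are constructed.

function parseImplicitRedirect(redirectUrl, expectedState) {
  const url = new URL(redirectUrl);
  // The fragment (after '#') stays in the browser and is not part of the
  // HTTP request, so only script running on the page can read it.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));

  if (params.has("error")) {
    return { ok: false, reason: "authorization error: " + params.get("error") };
  }
  // A token in the query string would have been sent to the server and logged.
  if (url.searchParams.has("access_token")) {
    return { ok: false, reason: "token found in query string" };
  }
  // state binds the response to the request this page started.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  const token = params.get("access_token");
  const type = (params.get("token_type") || "").toLowerCase();
  if (!token || type !== "bearer") {
    return { ok: false, reason: "missing token or unsupported token_type" };
  }
  const expiresIn = Number(params.get("expires_in"));
  // What the server actually receives: the URL without the fragment.
  url.hash = "";
  return {
    ok: true,
    accessToken: token,
    expiresIn: Number.isFinite(expiresIn) && expiresIn > 0 ? expiresIn : null,
    sentToServer: url.toString(),
  };
}

// Constructed sample redirect, as the browser would expose it in location.href.
const sample =
  "http://client.example/cb?lang=is#access_token=SAMPLE-TOKEN&token_type=bearer&expires_in=3600&state=xyz123";
const result = parseImplicitRedirect(sample, "xyz123");
console.log(result);
// In a browser, follow up with history.replaceState(null, "", result.sentToServer)
// so the token does not stay in the address bar or the session history.
```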