Implicit Grant Flow

  • Question

  • User-590375999 posted

    Hi,

    A vanilla JS SPA application consumes resources from an ASP.NET Web API.

    Can I use Implicit Grant Flow? If I can, can anyone provide a link that explains how to implement Implicit flow with a JS front end and Web API back end?

    Is it possible to use Authorization Code flow for this scenario?

    Wednesday, April 15, 2020 1:19 PM

All replies

  • User415553908 posted

    From this Auth0 blog post:

    If you are building a new SPA, you should consider implementing the new guidance based on authorization code with PKCE. 
    If you already have SPA apps in your portfolio, they are likely based on the implicit flow — and almost certainly already take steps to mitigate the known issues the approach entails. It is up to you to decide whether you are still satisfied with the mitigations you already have in place, or if it's worth it to update your code to adhere to the new recommendations.

    If you're after implementation guidelines, check out this Auth0 page here. It also mentions when and how you should opt for Auth Code flow.

    Note: I am not affiliated with Auth0 and I don't use their services. I just find their documentation to be easy to follow.

    Wednesday, April 15, 2020 9:04 PM
  • User-590375999 posted

    Hi,

    Thanks for your reply...

    Can you provide an example link to implement Auth Code Flow with a SPA?

    Thursday, April 16, 2020 5:31 AM
  • User415553908 posted

    This Auth0 blog post seems to provide relevant information (start reading from "Using the Authorization Code Grant from JavaScript").

    Saturday, April 18, 2020 10:25 AM
  • User-590375999 posted

    Hi,

    Seems like auth code flow is not ready for production.

    Sunday, April 19, 2020 9:43 AM