Getting Started with OAuth 2.0

by Ryan Boyd
February 2012
Content level: Beginner to intermediate
78 pages
2h 13m
English
O'Reilly Media, Inc.
Content preview from Getting Started with OAuth 2.0

Chapter 3. Client-Side Web Applications Flow

The Implicit Grant flow for browser-based client-side web applications is very simple. In this flow, an access token is immediately returned to the application after a user grants the requested authorization. An intermediate authorization code is not required as it is in the server-side Web Application flow (see Chapter 2).

Figure 3-1 shows a step-by-step flow diagram, based on a diagram from the specification.

Figure 3-1. Client-Side Web Applications flow: Step-by-step

When Should the Implicit Grant Flow Be Used?

The Implicit Grant flow should be used when:

  • Only temporary access to data is required.

  • The user is regularly logged into the API provider.

  • The OAuth client is running in the browser (using JavaScript, Flash, etc.).

  • The browser is strongly trusted and there is limited concern that the access token will leak to untrusted users or applications.
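The flow described above, as an added example that is not from the book: it builds the authorization request and then validates the response before accepting the token, which is where the leakage concern in the last bullet is handled. Delivery of the token in the URL fragment and the `state` check follow the OAuth 2.0 specification rather than this preview; the endpoint, client ID and redirect URI are constructed placeholders.

```javascript
// Added example. Endpoint, client ID and redirect URI are constructed placeholders.
const config = {
  authorizationEndpoint: "https://provider.example/oauth2/auth",
  clientId: "example-client-id",
  redirectUri: "https://app.example/callback",
  scope: "profile",
};

// Step 1: build the authorization request. response_type=token selects the
// Implicit Grant; state ties the eventual response to this browser session.
function buildAuthorizationUrl(cfg, state) {
  const url = new URL(cfg.authorizationEndpoint);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: cfg.scope,
    state,
  }).toString();
  return url.toString();
}

// Step 2: parse the fragment the provider appends to the redirect URI.
// Returns the token data, or throws if the response should not be trusted.
function parseImplicitResponse(fragment, expectedState) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch: response not tied to our request");
  }
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("no access_token in response");
  // Assumption of this example: the client only handles bearer tokens.
  const tokenType = (params.get("token_type") || "").toLowerCase();
  if (tokenType !== "bearer") throw new Error("unexpected token_type");
  const expiresIn = Number(params.get("expires_in"));
  return {
    accessToken, // keep in memory only, not in persistent storage
    // Lifetime in seconds; null when the provider did not state one.
    expiresIn: Number.isFinite(expiresIn) && expiresIn > 0 ? expiresIn : null,
  };
}
```

In a browser, pass `window.location.hash` as the fragment and then clear it with `history.replaceState(null, "", location.pathname)` so the token does not remain in the address bar or history.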


ISBN: 9781449317843