0

I am looking for best approach to implement the Open Id Authorization Code flow in Angular JS. Have got examples on Implicit flow to get the temporary tokens: id_token and access_token, but i need to get the long-lived token : refresh token. Looks like I need to go for authorization code flow, where i would get the "code" based on the user credentials, and thereby using that "code" would get the refresh_token.

Ours is Angular/ Web API project(not using MVC). Is it recommended to use authorization code flow at client side? if so, what is the best approach/ best library that we can achieve this use case?

Balaji
  • 127
  • 13

1 Answers1

0

keep in mind that the implicit flow is the recommended one for SPA application like angular, because it's better to send and access_token with a short lifetime rather than sending a a long lifetime token that can be used easily to generate access_tokens. but if you insist you can use the Hybrid flow, authorization code flow is more for server to server communication :

enter image description here

Fateh Mohamed
  • 20,445
  • 5
  • 43
  • 52