Questions tagged [implicit-flow]

47 questions
2 votes, 0 answers

Angular, Keycloak, and SSO Automatic login with angular-oauth2-oidc

We are attempting to create the following setup within our environment... Angular 4.4+ application which uses Keycloak as the authentication server which has AD Federation and Kerberos support. This is to provide our intranet users with a true SSO…
2 votes, 0 answers

How do I use custom logic in Identity Server 4 to limit who can be issued an id token or access token

I've got a SPA written with Angular, and it communicates with a few APIs (also owned by me) to do all of its work. To secure the application, I am using Identity Server 4 with AAD as the single external provider. I'm using a route guard in…
2 votes, 1 answer

When using Implicit Flow with a SPA, where do we actually create the account in our Database?

I'm trying to understand how OAuth2.0 Implicit Flow (with OIDC) works with a pretty simple SPA/Mobile client (aka Client) and my REST Api (aka Resource Server) and creating new accounts. I more or less understand how the Client can request a token…
Pure.Krome
1 vote, 0 answers

Angular oauth2-oidc - What part of the configuration retrieves the token and where does it store it?

I'm trying to use the library angular-oauth2-oidc in my application. This is my AuthConfig const adsfUrl = 'https://xxxx.xxxxx.xxx/adfs'; export const ADSF_AUTH_CONFIG: AuthConfig = { redirectUri: window.location.origin, clientId:…
eddy
1 vote, 1 answer

OAuth2 Implicit Flow with C# Windows Forms

I'm developing a C# Windows Forms app that needs to authenticate using the Implicit Flow (the client does not accept another flow). As a requirement, I need to open the default system browser to authenticate (so no embedded web view on the…
António
1 vote, 1 answer

How to implement Implicit Flow for Angular application using IdentityServer4

I have been reading the Quickstart from IdentityServer4 and still have some doubts on how to implement the Implicit flow for a SPA. My setup is the following: IdentityServer4 as the token server An API that needs protection (using WebAPICore) A SPA…
1 vote, 0 answers

What is the ideal expiration time for oauth2 implicit flow

I understand that the access-tokens are issued with a short expiration time in OAuth2 implicit flow, so that the application is forced to continually refresh them (using iframes or other means), giving the service a chance to revoke an application’s…
Vinay
1 vote, 1 answer

Enable OAuth 2.0 implicit flow capability for the Azure AD application

I am trying to run the application for my study on using the Microsoft Graph REST API in an Outlook web add-in. I found this link. They have asked to enable OAuth 2.0 implicit flow capability for the Azure AD application in the setup instructions. I would…
1 vote, 1 answer

OAuth Implicit flow is failing, Navigation is blocked: assistant-handoff

We are trying out oauth implicit flow for Smart home integration with google actions. After successfully authenticating userid and password, redirection against redirect_uri (Sample given below) is failing with the below error (Extracted from…
Pradeep
1 vote, 1 answer

ClickJacking threat while using hidden iFrames for refreshing tokens in OAUTH Implicit flow

We are developing an Angular 5 based application which uses Secure Auth (https://www.secureauth.com/) as the Identity and Access Control solution. We were planning to use the Implicit Flow. In most of the OAuth Clients we found that hidden iFrames…
0 votes, 0 answers

Refresh token using Implicit flow. OpenIdDict

According to the documentation, with Implicit Flow we can't get a refresh_token. Microsoft suggests that we use prompt=none and cookie authorization to update the token when it has expired: The implicit grant does not provide refresh tokens. Both id_tokens…
0 votes, 0 answers

Keycloak - manually set a client secret

I wonder if it'd be possible with Keycloak, through the REST API or the admin dashboard, to manually set the client_secret for a given client_id. Why would I need this? I want to distribute desktop apps that will have the credentials hard-coded to…
braoutch
0 votes, 0 answers

How to validate access token with implicit flow on backend?

I didn't make such decisions with implicit flow (I know it's not so good to use it), but I currently have a situation where I have to validate my access token on the backend (Java 8). Is it okay for every request with an access token to additionally call oidc…
Alex09
0 votes, 1 answer

OIDC : url differences in code flow and implicit flow

I am new to OIDC. I am referring to a video to use OIDC in my application. Looking at the URLs for Code flow (Response type: Code) and Implicit flow (Response type: Id_token), I have noticed something strange: in the redirect URL, code is provided as a…
sql_dummy
0 votes, 1 answer

Sample Code for OIDC Implicit Code Flow in Java

I am new to implicit flow using OIDC and I am looking for sample code. I could not find anything on the internet. Can someone provide links to sample code anywhere? Any help is really appreciated.
SJB