Questions tagged [implicit-flow]

47 questions
0
votes
2 answers

Using Azure B2C and Sign in with Apple / MSAL.JS / Implicit Flow - Acquiring token silent failing with X-Frame Deny error

I am currently using a React app which uses MSAL.js to authenticate with an Apple Identity Provider I have registered in Azure B2C. I have based my implementation on a guide: Post-GA Revisit of “Sign In with Apple” for Azure AD B2C. Everything is…
0
votes
1 answer

Implicit Flow is not reacting properly in Azure AD

I have a React SPA that calls a Node API that in turn calls another Node API. I configured the first API to allow for user1 to have access. I configured the second API to ONLY allow the first API to access it. When user1 clicks the button to make…
Obie_One
0
votes
1 answer

Azure B2C implicit flow: acquire new access token without the use of an iFrame

In the Azure B2C documentation you have this information about silently acquiring new access tokens when the previous one expired. ID tokens and access tokens both expire after a short period of time. Your app must be prepared to refresh these…
0
votes
1 answer

Changing Claims of an already authenticated User?

Is there any way we could pass extra parameters to the signinsilent / silent refresh call from oidc-client based on which I could add extra claims to the access token? Basically we have resource servers and authorisation server ( identity server 4…
0
votes
1 answer

Azure Web App - Azure AD - SPA - `token` missing from response_type

We are using an Azure Web App and using the web app's Authentication to enforce Azure AD authentication. We have it somewhat working, but are trying to get an access token as we are using that to lock down API calls. Looking at the network calls,…
Matt M
0
votes
1 answer

How to do Silent Refresh manually in implicit flow using iFrame (using Identity Server 4, Angular 2+)

I am trying to do silent refresh using iFrame with Implicit Flow. I do not want to use automaticSilentRenew as it is not efficient. I am using oidc-client library in Angular 8 on the client side. So, there are two things which are happening : 1.) I…
0
votes
1 answer

Actions On Google: Implicit Oauth Flow, redirect fails

I implemented my own Oauth server for the implicit flow, following the instructions of: https://developers.google.com/actions/identity/oauth2?oauth=implicit It seems quite simple as I just need to redirect the token after checking client details.…
0
votes
1 answer

How to revoke access token with Single Page Application and openid connect implicit flow?

Recently I have written an Identity provider with openid connect. I have exposed endpoints for both token and oauth flow. I know that we cannot provide refresh token to revoke either of the token in case of SPA. So what I did is when my access token…
0
votes
1 answer

Replay attacks when using the Implicit Flow

I have a React App that is using implicit flow to authorize the user. The flow goes like this: 1. If no access token or user info saved in sessionStorage - user gets redirected to the login page. 2. User logs in and gets redirected to the home page…
0
votes
1 answer

Is it possible to have Implicit flow authentication without cookies?

I'm working on projects that use both .NET Framework and .NET Core using ID Server 3/4 respectively (and of course separately) and I have become aware of the Implicit flow and how it works for Javascript clients. I do notice that it uses cookies and…
Dandré
0
votes
1 answer

SPA calling a WebAPI calling a WebAPI

I am building a SPA (javascript) which will call WebAPI A (.net MVC API) and which in turn will call (server side) WebAPI B (.net MVC API). All three entities are protected by ADFS4 (OAuth2). In my workflow I want WebAPI A to call WebAPI B on behalf…
0
votes
1 answer

actions-on-google implicit flow and access_token change?

I have developed a Google Action for Assistant (with Api.ai). I have to use a Sign-in method because my app uses a website where the user has to sign in and make something. In the action console I setup account linking with IMPLICIT method and under…
0
votes
1 answer

Http redirect from OAuth2-Server: how are values added as url hash?

Let's say, in Oauth implicit flow, the redirect uri I provided is http://www.abc.de/de Then the oauth2-server will respond with a 302 and the location will say something like: http://www.abc.de/de#access_token=blabla&token_type=bearer Then my…
user3629892
0
votes
1 answer

OpenId Connect Authorization Code flow in Angular JS

I am looking for the best approach to implement the Open Id Authorization Code flow in Angular JS. Have got examples on Implicit flow to get the temporary tokens: id_token and access_token, but I need to get the long-lived token: refresh token. Looks…
Balaji
0
votes
1 answer

IdentityServer4 - combining MVC and SPA - avoid extra round trip

I have a website which combines ASP.NET Core MVC and angular based SPA which I am trying to secure using IdentityServer4. The login flow currently looks like: User clicks the login button on the homepage (www.example.com, MVC based) User is…