Support for implicit grant-type #6
Comments
|
Isnt this as simple as just allowing to overwrite the |
|
That's one of the things that needs to be done, but it should be in a new I don't think I'll ever prioritize this because implicit is basically deprecated and considered insecure now. So if someone has a need for this, submit a PR with tests. |
|
Since when is is considered insecure? Twitch recommends it for client side applications for example. |
|
If I had to guess 2010 ? |
|
For some context, OAuth2 and implicit came out at a time where CORS was not widespread, making But that said I am cool with supporting implicit in this library for completeness and for servers that still support it. It's just unlikely I'll be the one to build it unless I'm required to integrate with something like twitch myself ;) |
|
@brockallen point taken, however, because this library aims to implement the oauth 2.0 spec, while the proposal is the 2.1 spec. I think it should be implemented. Because there are more services that use that flow besides twitch. I forked the library and made some edits to allow for this flow. However, I just deleted the part where it doesn't allow to overwrite certain properties in the Maybe I have another look into it when I get a bit more time. |
|
Yes and just to be clear, I am down with having implicit support. Just not interested in writing it myself because it's on its way out for a while and should be considered legacy. The OAuth 2.1 is really an accumulation of lessons learned in OAuth 2.0 in all the years it's been around. For the most part the experts and official resources have been coercing people away from implicit for many years. |
No description provided.
The text was updated successfully, but these errors were encountered: