  1. PUBLIC - OAuth2
  2. OAUTH2-12

REQ002 Support Implicit Grant Process

    Details

    • Type: Story
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: backlog
    • Component/s: None
    • Labels:
      None

      Description

      Note: We might revisit the implementation due to security considerations, see REQ027 OAuth2 should be secure to use

      Depends on:

      Implement https://tools.ietf.org/html/rfc6749#section-4.2

      Please note the RFC specifies there is no Refresh Token because it cannot be stored safely. However, several OAuth2 implementations introduced a modified Implicit Grant process that doesn't display the authorization screen when the remote client presents a valid Access Token. This allows the remote client to obtain a new Access Token without disturbing the user.

      Related use-cases:


              People

              • Assignee:
                Unassigned
                Reporter:
                tomas.polesovsky Tomáš Polešovský
