webworm
Reputation: 11019
IdentityServer3 & Implicit flow with Javascript - How is client_secret handled
In looking for examples/guides on using IdentityServer3 with Javascript web applications (aka SPA), the Implicit OAuth flow seems to be the recommended. However, the Implicit flow requires a client_secret. How is this accomplished with Javascript and HTML alone since the source code can always be viewed by others?
Upvotes: 0
Views: 55
Answers (1)
Related Questions
- identity server use client secret from javascript
- IdentityServer3 implicit flow not wokred javascript
- How is the Open Id token secured using Implicit Flow
- Requesting token directly from IdentityServer3 via Javascript using username/password
- IdentityServer3 - Client and Secret
- Implicit flow & identity Server 3: Is it possible to grant a JavaScript client an access token without having the user log in?
- IdentityServer3 - OAuth Flows, different approaches
- Authenticating with Oauth password flow from a front-end
- OpenID Connect - Implicit Flow with Javascript app using JWT to authenticate with a REST API
- How does hello.js avoid storing the client_secret?