Senj
Reputation: 659
Rendering Hybrid Access Token vs Implicit Flow
Hey guys what do you think,
is rendering an Access Token that I got via Hybrid Flow in code-behind to my Java Script as "non-secure" as using Implicit Flow in Open ID Connect?
Upvotes: 0
Views: 114
Answers (1)
leastprivilege
Reputation: 18492
If you need the token on the client in your JS code - you somehow need to transmit it.
The APIs you are planning to call have to be considered public at this point.
Upvotes: 1
Related Questions
- Is Implicit flow now more popular than authorization code flow?
- IdentityServer Hybrid Flow - Access Token is null after user successful login
- How to us openid connect hybrid flow to call an Api on behalf of user (IdentityServer4 Asp.Net Core 2.0)?
- Do we really need id_token in implicit flow in OIDC?
- IdentityServer3 - post request for access token with hybrid flow?
- IdentityResources.Profile required for implicit and hybrid flow?
- Identityserver3 getting accesstoken in a implicit flow
- Overview or Diagram of Implicit Flow/Grant Type as Relates to IdentityServer4
- Identity Server: Token Type jwt vs reference using Implicit Flow Authentication with OIDC
- OpenID Connect Implicit Flow - Resource Server