vikx01

Reputation: 53

Which OAuth 2.0 flow for secure REST API used by SPA?

I have implemented an API that my SPA front-end will use. Now I want to secure the endpoints of the API using OAuth 2.0. The SPA will be used by hundreds (possibly thousands) of registered and logged-in users. Which OAuth 2.0 grant type flow should I use?

FWIW, I am using Spring Boot for the backend and Angular for the frontend.

Upvotes: 0

Views: 332

Answers (1)

iandayman

Reputation: 4467

The Implicit Grant is optimised for Single Page Applications. It allows a token to be obtained in one call to an authorize endpoint.

Note that you will not be able to obtain a refresh token for offline / long-lived access to the API with the Implicit grant.

Upvotes: 1
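
The implicit grant described in the answer above, seen from the SPA's side, as an added example that is not part of the original answer: it builds the single authorize request (`response_type=token`, RFC 6749 section 4.2) and validates the redirect that carries the token in the URL fragment. The endpoint, client ID, redirect URI, scope values and function names are hypothetical placeholders.

```javascript
// Added example: implicit grant (RFC 6749 section 4.2) from the SPA's side.
// Endpoint, client_id and redirect URI are hypothetical placeholders.
const AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth/authorize";
const CLIENT_ID = "spa-client";
const REDIRECT_URI = "https://app.example.com/callback";

// Unguessable per-request value that binds the response to this browser session.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// The single call to the authorize endpoint: response_type=token asks for an
// access token to be returned directly in the redirect.
function buildAuthorizeUrl(state, scope) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "token",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope,
    state,
  }).toString();
  return url.toString();
}

// Parse the redirect back to the SPA. The token arrives in the URL fragment
// and no refresh_token is issued, so the app must re-authorize after expiry.
function parseImplicitResponse(redirectUrl, expectedState, nowMs = Date.now()) {
  const url = new URL(redirectUrl);
  if (url.origin + url.pathname !== REDIRECT_URI) throw new Error("unexpected redirect URI");
  const p = new URLSearchParams(url.hash.slice(1));
  // Reject responses that were not triggered by this session's request.
  if (!expectedState || p.get("state") !== expectedState) throw new Error("state mismatch");
  if (p.has("error")) throw new Error("authorization error: " + p.get("error"));
  const accessToken = p.get("access_token");
  if (!accessToken) throw new Error("no access_token in fragment");
  if ((p.get("token_type") || "").toLowerCase() !== "bearer") throw new Error("unsupported token_type");
  const expiresIn = Number(p.get("expires_in"));
  return {
    accessToken,
    expiresAt: Number.isFinite(expiresIn) && expiresIn > 0 ? nowMs + expiresIn * 1000 : null,
    scope: (p.get("scope") || "").split(" ").filter(Boolean),
  };
}
```

Because the token travels in the URL fragment, the `state` check is what ties a response to the request the SPA actually made. RFC 9700 (OAuth 2.0 Security Best Current Practice) advises browser clients to use the authorization code grant with PKCE instead of this response type.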
