[Openid-specs-ab] Using UserInfo EP from a Javascript Client (was: Implicit grant and javascript clients)

sakimura sakimura at gmail.com
Wed Sep 28 08:06:18 UTC 2011


 Actually, we used to have JSONP response in earlier drafts.

 It was dropped in preference of HTML5 postMessage, I think.

 =nat

 On Fri, 16 Sep 2011 14:24:13 +0200, Andreas Åkre Solberg wrote:
> I'm thinking of making a proof of concept Connect client that runs in
> the browser.
>
> I cannot think of a use case where it really makes a lot of sense,
> though. What do you think?
>
> With the implicit grant flow, it is possible and pretty simple to do
> this proof of concept. You can get an access token, and the id token,
> and even verify the id token, and extract the user id. What you 
> cannot
> do, though is access the user info service. To make the user info
> service work, the only neccessary step; was to add support for JSONP.
>
> Is there any good descriptions (concrete examples) available on what
> use cases the implicit grant flow serves?
>
> Andreas



More information about the Openid-specs-ab mailing list