[Openid-specs-ab] Implicit grant and javascript clients
Andreas Åkre Solberg
andreas.solberg at uninett.no
Fri Sep 16 12:24:13 UTC 2011
I'm thinking of making a proof of concept Connect client that runs in the browser.
I cannot think of a use case where it really makes a lot of sense, though. What do you think?
With the implicit grant flow, it is possible and pretty simple to do this proof of concept. You can get an access token, and the id token, and even verify the id token, and extract the user id. What you cannot do, though is access the user info service. To make the user info service work, the only neccessary step; was to add support for JSONP.
Is there any good descriptions (concrete examples) available on what use cases the implicit grant flow serves?
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4448 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110916/3d4f5c14/attachment.p7s>
More information about the Openid-specs-ab
mailing list