[Openid-specs-ab] [openid/connect] Basic - Use grant type code instead of implicit grant (issue #567)

tlodderstedt issues-reply at bitbucket.org
Fri Apr 6 20:49:49 UTC 2012


New issue 567: Basic - Use grant type code instead of implicit grant
https://bitbucket.org/openid/connect/issue/567/basic-use-grant-type-code-instead-of

tlodderstedt on Fri, 6 Apr 2012 22:49:49 +0200:

I would suggest changing the Basic Client Profile to use authorization codes instead of the implicit grant. In my opinion, code has the following advantages:
  - It is simpler to implement for web applications.
  - It is better suited for mobile apps because of the support for refresh tokens.
  - The ability to transmit large user data chunks over a back channel instead of the front channel is beneficial for mobile web applications, which most likely run on high latency, low bandwidth network connections.
  - It is more secure due to the transmission of longer-lasting secrets via back channels only.


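The last point in the issue above, as an added Python example (not part of the original message or of the OpenID Connect specification): it reports which bearer credentials are visible in the redirect URL the user agent handles, and builds the back-channel token request for a code response. The callback URLs, token values and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Response parameters that are usable credentials on their own.
# "code" is deliberately absent: an authorization code is single-use,
# short-lived, and only useful once redeemed at the token endpoint.
LONG_LIVED = {"access_token", "id_token", "refresh_token"}


def front_channel_exposure(redirect_url):
    """Return sorted (location, parameter) pairs for credentials that
    appear in the redirect URL, i.e. that pass through the browser."""
    parts = urlsplit(redirect_url)
    found = set()
    for location, raw in (("query", parts.query), ("fragment", parts.fragment)):
        for name in parse_qs(raw, keep_blank_values=True):
            if name in LONG_LIVED:
                found.add((location, name))
    return sorted(found)


def token_request_body(redirect_url, redirect_uri):
    """Form fields the client would POST to the token endpoint over the
    back channel for a code response; None if the URL carries no code."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "code" not in params:
        return None
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": redirect_uri,
    }


# Constructed sample redirects (hypothetical client and values).
IMPLICIT = ("https://client.example/cb#access_token=SAMPLE_AT"
            "&token_type=bearer&id_token=SAMPLE_IDT&state=xyz")
CODE = "https://client.example/cb?code=SAMPLE_CODE&state=xyz"

if __name__ == "__main__":
    for label, url in (("implicit", IMPLICIT), ("code", CODE)):
        print(label, front_channel_exposure(url),
              token_request_body(url, "https://client.example/cb"))
```
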