<meta content="text/html; charset=windows-1252">
<body bgcolor="#FFFFFF" text="#000000">
<p>OAuth / OIDC are not really concerned with the UI paradigm of the
web app and how it is implemented.<br>
<p>The thing that matters is whether the web app has a backend or
not: A web app with a backend should use the code flow, an
HTML5+JS-only app the implicit flow. If you have an app with a
significant JS front-end (potentially an SPA) it may benefit from
the hybrid flow, which delivers a copy of the ID token to the JS.
I haven't encountered such apps though.<br>
<div class="moz-cite-prefix">On 17/08/16 00:44, Preibisch, Sascha H
via Openid-specs-ab wrote:<br>
<pre wrap="">Hi everybody!
I get many questions regarding best practices for SPA with OAuth/OIDC from colleagues and customers. But since I am not a web development expert I do not have the biggest experience on this topic.
I have searched via Google and Bing but I do not really find good info about that topic. Or I just did not recognize it.
I would be happy if I could get an answer that refers to good reads, example apps, typical message flows, biggest pros and cons, which tokens would usually be used for what, if cookies should be/have to be involved. Something that is valuable to others on this list would help.
Thanks a lot,
Openid-specs-ab mailing list
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
<pre class="moz-signature" cols="72">--