Archived Forum Post

Index of archived forum posts


No implicit grant flow?

Sep 24 '16 at 11:57

I can't see a way to use the implicit grant flow in your oAuth library, is this true?


Yes, that is correct.

The implicit grant flow is as follows:

   The implicit grant type is used to obtain access tokens (it does not
   support the issuance of refresh tokens) and is optimized for public
   clients known to operate a particular redirection URI.  These clients
   are typically implemented in a browser using a scripting language
   such as JavaScript.

Since this is a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.

Given that Chilkat is a native implementation (i.e. compiles to native code and exists in either static libraries, or shared libraries (.dll, .so, or .dylib), it doesn't seem likely that the implicit grant flow would be possible with Chilkat.

If you know of a situation where the implicit grant flow possible with a native library, please let me know and it can be considered for a future version.