Is the OAuth 2.0 Implicit Flow Dead?

In this post, we'll look at what's changing in the Implicit Flow and why.

developer.okta.com

Aaron Parecki · May 2, 2019 · 10:32 PM UTC

Aaron Parecki · May 2, 2019 · 10:32 PM UTC

Aaron Parecki @aaronpk

2 May 2019

Replying to @nicokaiser

Totally depends on your risk tolerance. Browsers are always a more risky environment, so that's something to keep in mind with refresh tokens. If you are going to issue refresh tokens to JS, definitely rotate them after every use.

May 2, 2019 · 10:32 PM UTC