Just in time for #iiw I published a blog post: "Is the OAuth 2.0 Implicit Flow Dead?" developer.okta.com/blog/2019…
1
8
16
That's a big assumption (you don't know what browser extensions the user is using) but yes that's one way to be more confident. I wouldn't use absolute terms like "safe" though. "Less risky" maybe.
May 2, 2019 · 11:31 PM UTC
