Browser APIs have gotten so much better lately! Way easier to do @oauth_2 PKCE in a browser now: ✅ good random number generators ✅ secure hashing functions Just missing a good base64 encoding function. (Check out the ugly hack in the post.) developer.okta.com/blog/2019…

Is the OAuth 2.0 Implicit Flow Dead?

In this post, we'll look at what's changing in the Implicit Flow and why.

developer.okta.com
2
1
3
In the process of changing how we authorize the users in our web app and I’m wondering what route to take. Do you know about any simple proxy-like services for Oauth 2 Auth code flow (not OIDC) that can keep sessions and handle Auth for any SPA ?
1
Replying to @grEvenX @oauth_2
Plenty of server-side frameworks can do this, I'm not sure about something as a service though. Also not sure if you'd really want to go down the path of offloading that kind of thing to a different site either.

May 4, 2019 · 4:46 PM UTC

1
Replying to @aaronpk @oauth_2
Sorry if I was unclear. I didn’t mean a SaaS that I could offload it to, but something like a simple software (proxy?) that can run in a docker container alongside the SPA.