Last week, in the second of my tutorial videos demonstrating how Layer 7 Gateways can be used to implement OAuth, I talked about the authorization code grant type and showed how it could be adapted to suit specific needs. This week, in my third tutorial, I’ll be doing the same for the implicit grant type.
As you may remember, I previously gave an overview of the flow for the authorization code grant type. To help you compare and contrast, here’s the implicit grant type flow:
- The resource owner is redirected by the client application to the OAuth authorization server, to express authorization
- The OAuth authorization server redirects the resource owner back to the client application along with an access token
- The client application uses the access token to call the service on behalf of the resource owner
- The implicit grant type does not include refresh tokens since the client application is not authenticated
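
The three steps above, seen from the client application's side, as an added example that is not part of the original post or the Layer 7 tutorial: it builds the authorization request, validates the redirect that carries the access token in the URL fragment (as RFC 6749 section 4.2 specifies), and prepares the service call. The endpoint URLs, client ID, and function names are hypothetical placeholders.

```javascript
// Added example: the implicit grant flow from the client's side.
// Endpoints and client_id are constructed placeholders, not real services.
const AUTHZ_ENDPOINT = "https://authz.example.com/authorize";
const CLIENT_ID = "demo-client";
const REDIRECT_URI = "https://client.example.com/callback";

// Step 1: URL the client redirects the resource owner to.
// `state` must be an unguessable per-request value kept by the client.
function buildAuthorizationUrl(state, scope) {
  const url = new URL(AUTHZ_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: "token", // selects the implicit grant
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope,
    state,
  }).toString();
  return url.toString();
}

// Step 2: the authorization server redirects back with the token in the fragment.
function parseCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  if (url.origin + url.pathname !== REDIRECT_URI) {
    throw new Error("unexpected redirect target");
  }
  const params = new URLSearchParams(url.hash.slice(1));
  if (params.get("error")) throw new Error("authorization failed: " + params.get("error"));
  // Reject responses that were not triggered by this client's own request.
  if (!expectedState || params.get("state") !== expectedState) throw new Error("state mismatch");
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("no access_token in fragment");
  if ((params.get("token_type") || "").toLowerCase() !== "bearer") {
    throw new Error("unsupported token_type");
  }
  // No refresh token is expected here: the client is not authenticated.
  return { accessToken, expiresIn: Number(params.get("expires_in")) || null };
}

// Step 3: request the client sends to the service on the resource owner's behalf.
function buildApiRequest(serviceUrl, accessToken) {
  return { url: serviceUrl, method: "GET", headers: { Authorization: "Bearer " + accessToken } };
}
```
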
The response we’ve already had to these tutorials is evidence of the ever-growing interest in all things OAuth – and the fact that there’s still a lot to learn about this emerging standard. If you’re finding this content useful – and I certainly hope you are – don’t worry: there’s plenty more to come!
Tutorial 3: The Implicit Grant Type