Hi @Xpyder, you're right, this section deserves a little bit of refactoring following new security best practices. Any PR by chance? (You can test your changes before commit by executing tox -e docs!)
Describe the bug
On https://oauthlib.readthedocs.io/en/latest/oauth_1_versus_oauth_2.html
the entry for
Your clients reside in user controlled devices with the ability to authorize through a web based workflow. This workflow is inherently insecure, restrict the privileges associated with tokens accordingly.
suggests using Implicit Grant, but Implicit Grant is now considered to be unacceptably insecure and is being deprecated in favor of Authorization Code with PKCE.
How to reproduce
Go to the page, read the section, and compare to the official documentation linked below.
Expected behavior
The document should match the official recommendation.
Additional context
https://oauth.net/2/grant-types/implicit/ (includes several further reading links at the bottom)
https://oauth.com/playground/index.html (choose implicit flow and read the content of step 2)