I had a good discussion on OAuth list about javascript and implicit flow
vs. auth-code flow. It was pointed out that auth-code flow has some
extra hops that can be avoided if you implement "response_mode=fragment".
See this:
https://issues.jboss.org/browse/KEYCLOAK-1033
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com