No, Instagram is describing implicit flow. Implicit flow has a problem
in that access tokens can possibly be bookmarked and stored in browser
history. That isn't a problem with codes because codes are only active
for a very short window (milliseconds).
On 2/9/2015 7:03 PM, Pedro Igor Silva wrote:
I think Instagram does that [1], right ?
[1]
http://instagram.com/developer/authentication/
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, February 9, 2015 8:51:04 PM
Subject: [keycloak-dev] Keycloak.js is inefficient and can be improved
I had a good discussion on OAuth list about javascript and implicit flow
vs. auth-code flow. It was pointed out that auth-code flow has some
extra hops that can be avoided if you implement "response_mode=fragment".
See this:
https://issues.jboss.org/browse/KEYCLOAK-1033
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com