Hi Bruno,
I think that is the usecase for implicit grant type in OAuth2. It is used when the client cannot save any secrets or tokens such as Javascript applications.

Regards,
Anil

On 02/20/2013 05:42 AM, Bruno Oliveira wrote:

Hi Anil,

Are you thinking in something like this? https://developers.google.com/accounts/docs/OAuth2#clientside

If yes, makes sense.

--

"The measure of a man is what he does with power" - Plato

-

@abstractj

-

Volenti Nihil Difficile

On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:

I am unsure if "implicit" usecase implies insecure. All it does is

avoids the intermediate

authorization code grant step. It is useful for Javascript applications