[keycloak-dev] Keycloak.js is inefficient and can be improved
Bill Burke
bburke at redhat.com
Mon Feb 9 19:10:25 EST 2015

No, Instagram is describing implicit flow. Implicit flow has a problem
in that access tokens can possibly be bookmarked and stored in browser
history. That isn't a problem with codes because codes are only active
for a very short window (milliseconds).

On 2/9/2015 7:03 PM, Pedro Igor Silva wrote:
> I think Instagram does that [1], right ?
>
> [1] http://instagram.com/developer/authentication/
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, February 9, 2015 8:51:04 PM
> Subject: [keycloak-dev] Keycloak.js is inefficient and can be improved
>
> I had a good discussion on OAuth list about javascript and implicit flow
> vs. auth-code flow. It was pointed out that auth-code flow has some
> extra hops that can be avoided if you implement "response_mode=fragment".
>
> See this:
>
> https://issues.jboss.org/browse/KEYCLOAK-1033
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
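
The distinction drawn in this message, between an access token and a short-lived code arriving in the redirect URL, shown as an added example that is not part of the original thread and is not Keycloak.js code. The function names and sample URLs are constructed for illustration; the parameter names are the standard OAuth 2.0 ones.

```javascript
// Added illustration: names and sample URLs are constructed, not from Keycloak.js.
// Standard OAuth 2.0 redirect parameters that should not linger in the address bar.
const OAUTH_PARAMS = ['access_token', 'token_type', 'expires_in', 'code', 'state',
                      'error', 'error_description'];

// Move every OAuth parameter out of `params` into `found`; report whether any was present.
function extract(params, found) {
  let hit = false;
  for (const key of OAUTH_PARAMS) {
    if (!params.has(key)) continue;
    if (!(key in found)) found[key] = params.get(key);
    params.delete(key);
    hit = true;
  }
  return hit;
}

// Classify a redirect URL and build the same URL without the OAuth parameters.
function parseCallback(href) {
  const url = new URL(href);
  const fragment = new URLSearchParams(url.hash.slice(1));
  const query = new URLSearchParams(url.search);
  const found = {};
  const inFragment = extract(fragment, found);
  const inQuery = extract(query, found);
  // Rewrite only the parts that carried OAuth data, so an ordinary "#section" survives.
  if (inFragment) url.hash = fragment.toString();
  if (inQuery) url.search = query.toString();

  let kind = 'none';
  if ('access_token' in found) kind = 'implicit';   // bearer token itself was in the URL
  else if ('code' in found) kind = 'code';          // short-lived code, still to be exchanged
  else if ('error' in found) kind = 'error';
  return {
    kind,
    carrier: inFragment ? 'fragment' : inQuery ? 'query' : null,
    params: found,
    cleanedUrl: url.href,
  };
}

// Browser side: replace the current history entry so that a later bookmark, reload or
// copy of the address bar no longer contains the token or code.
function scrubAddressBar(win) {
  const result = parseCallback(win.location.href);
  if (result.kind !== 'none') win.history.replaceState(null, '', result.cleanedUrl);
  return result;
}
```

In a page this would be called as `scrubAddressBar(window)` as early as possible in the callback handler, before any other script reads or logs `location.href`.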