oauth2 implicit flow should allow custom protocols #180
Comments
As per gitter, take a look at https://tools.ietf.org/html/draft-ietf-oauth-native-apps-03
BTW - for my purposes, I'm looking at using the implicit flow, but I think this can also affect the authorisation code flow. Perhaps this makes the implementation easier?
No, the implicit flow is the only one where you can use custom uri schemes. Using this with the authorization code will leak the token to anyone who is listening. Seriously anyone, including me. ;)
upstream ory/fosite#60
this is justified by https://tools.ietf.org/html/rfc6819#section-4.4.2
But first, check the spec for further information on this.