Quote of the Day

more Quotes

Categories

Recent Posts

Top Posts

Buy me a coffee

Tag Archives for " Implicit Grant "

Protecting angular and ASP.NET core applications – An Overview.

Published June 23, 2019 in Angular , ASP.NET core , Azure , OAuth2 , security - 0 Comments
Protecting angular and ASP.NET core applications
Protect Angular and ASP.NET core applications

In this and upcoming blog posts, I’ll be talking about integrating Azure Active Directory (AAD) and leveraging open source libraries to protect a system consisting of an angular application and ASP.NET core web apis.

In this post, I just want to give a high level overview of the setup and the technologies involved in securing such as system. As such, I likely gloss over some of the points. In subsequent posts, I’ll cover the specific parts in more details.

Continue reading

Tags: Azure Active Directory , Implicit Grant , JwtBearer middleware , Microsoft Identity Platform , MSAL , On-Behalf-Of , OpenID Connect

OAuth 2 – Implicit Grant

Published June 3, 2018 in OAuth2 , security - 0 Comments

This is part of a series post about OAuth2. In this post, I go over the implicit grant type and how it relates and differs to the authorization code grant type.

Let’s look at a high-level only flow of the implicit grant flow via an example in which an application recommends a user movies based on the movies the user’s friends like on Facebook.

  1. The user submits a request to the Movie app to get movie recommendations.
  2. The app redirects the user to Facebook to authenticate.
  3. The user authenticates with Facebook and gives consent for the Movie app to access the user’s Facebook data
  4. Facebook sends back an access token to the Movie app via a redirect url.
  5. The Movie app uses the access token to request the user’s Facebook data on behalf of the user and provide recommendations to the user.

For comparison, here’s the flow using the authorization code grant.

  1. The user submits a request to the Movie app to get movie recommendations.
  2. The app redirects the user to Facebook to authenticate.
  3. The user authenticates with Facebook and gives consent for the Movie app to access the user’s Facebook data.
  4. Facebook sends back an authorization code to the Movie app via a redirect url.
  5. The Movie app submits another request to Facebook to request an access token,  passing its client credentials ( client id and secret ) as well as the authorization code obtained from step 4.
  6. Facebook validates the client’s credentials and authorization code, then issues an access token and optionally a refresh token back to the Movie app.

As you can see at the surface level, the implicit flow is more or less similar to the authorization code flow except it does not have the step of authenticating the client. As we discuss when to choose the implicit grant type vs the authorization grant type , we’ll explore other differences between the two flows and see they are meant for different types of applications.

Continue reading

Tags: Implicit Grant