Questions tagged [implicit-flow]

47 questions
15 votes, 3 answers

IdentityServer4 - How to Implement Impersonation

I have a requirement of allowing our internal support users to impersonate our customer users. I'm currently using IdentityServer4, Implicit Flow and OIDC Client. Resources found so far. [Question]IdentityServer4 user impersonation #853 Generate…
12 votes, 1 answer

Retrieving state data with oidc-client

How to keep the original URL that the user was navigating to? Say I have an unauthenticated user who navigates to http://localhost:9000/customer/123. To authenticate the user I would do a: // in my app.js new…
Larsi
8 votes, 2 answers

MS Identity Azure app registered but sends unauthorized_client in implicit flow

I have registered an app in Azure for Microsoft Identity platform. I configured it to allow MS Accounts (e.g. outlook.com) and have basically done everything in a few of the quickstarts online here and here (except for "add credentials to your web…
7 votes, 1 answer

silent token renew in identity server 4 with js client app not working as expected

I am working with identity server 4 to provide identity services to different apps in an enterprise arch. Registered an SPA application using implicit flow with the identity server 4 app with oidc-client.js and is working. But the problem is with…
6 votes, 2 answers

How to get new access token in OpenID Connect/OAuth2 Implicit Flow

I am currently using OpenID Connect/OAuth2 Implicit Flow in a mobile app. I am bringing up a Web View for the user to login and obtaining the access token and expiry. However, when the access token expires, do I need to ask the user to log in again?…
marcusturewicz
4 votes, 2 answers

PKCE: Surely hacker can still steal access token?

From my understanding, the advantage that Authorization Code Flow has over Implicit Flow is that with ACF, the access token gets sent to a server side app rather than to a browser app. This makes the access token much harder to steal, because the…
christiaantober
4 votes, 1 answer

Add loading page while validating access token angular oauth2 oidc

I have an angular page using angular-oauth2-oidc with Keycloak OIDC implicit flow. After logging in with Keycloak, it will get redirected back to the landing page. The landing page [app.component.html] will then check with allowAccess() for valid…
4 votes, 0 answers

Automatic log out after period of inactivity with Identity Server and OpenId Connect

I currently have an angular 2 SPA calling a Web API. I am using a Security Token Service implemented with Identity Server 3 and the oidc-client-js javascript library to provide authentication and authorization to use the Web API. The protocol is…
3 votes, 2 answers

Validate state and nonce in oidc-client

What I understood is: oidc-client generates nonce and state and sends it to an authorization server (Identity server 4). This is used to prevent CSRF attack, replay attack. State and nonce are sent through signinredirect() sample example…
Ishika Jain
3 votes, 1 answer

Mendeley API - how to use JavaScript SDK - implicit flow authentication

I hope you won't mind my posting a question, because I'm not a programmer and need a "for dummies" explanation. Although I can use basic JavaScript, I've never used an API. This is what I want to do: I've made an HTML page on my hard-drive (which I…
JaneB
2 votes, 0 answers

Duende IdentityServer 6.1.6 - Not able to Single Signout between implicit vs authorization_code grant type

Please help us on below issues- We are not able to perform Single Signout between our apps - Angular 13 application (implicit flow) [angular-oauth2-oidc package] Dot Net Framework Asp.Net MVC application (authorization_code) [Frontend Channel Logout…
2 votes, 0 answers

Blazor Web Assembly connecting to OAuth via Implicit Flow

In my blazor web assembly project, I have to connect to a Web API that doesn't implement OIDC. I read on the aspnetcore GitHub that they made the choice to implement only OIDC connections... I think I have to write a custom implementation of…
2 votes, 1 answer

Easy Auth Implicit Flow with AAD and Azure Function returns Unauthorized

API repro I created a simple azure function app in azure portal and function with http binding. Function just returns string "Hello from secured API". Next in platform features I selected Authentication/Authorization. I turned on app service…
2 votes, 0 answers

Unable to execute silent refresh after receiving id_token, while implementing implicit flow, both azure ad and google identity services

I've enabled implicit flow support in azure AD registration which says: "To enable the implicit grant flow, select the tokens you would like to be issued by the authorization endpoint:" And I am trying to authenticate for multiple identity provides…
2 votes, 1 answer

OAuth2 Implicit Flow - IFrame Refresh Identity

I'm working on an OAuth2 client for the implicit flow, and am implementing an IFrame-based refresh (since there are no refresh tokens in implicit flow). What I'm stuck on is trying to figure out the "standard" for passing the access token back to…
Jason