Can anyone explain me the implicit flow?

I found out about the so called implicit flow: .

Apparently it is considered very easy. So easy noone bothers to explain / provide an example.

Can anyone show an example and/or explain an implementation of the implicit flow?

I think I got it to work. It is very much like getting the authentication token, except you will get an access_token ( as opposed to an auth token). I used the following url to redirect:

The redirectPage is supposed to be the page eve should redirect you to.
The clientId is the client-id you get while registering your app.

Do note that these tokens are only valid for 20 mins. They also can’t be refreshed. The user of your app would have to supply the code every time he wants 20 minutes access. But for testing purposes it works great.

That is the jist of it yea. Usefulness is limited due to having to reauth every 20min tho. But in the case of a client only project where exposing your client secret isn’t an option it is the better alternative.

You could checkout some of the JWT stuff that is in beta atm:

Would allow you to get refresh_token without including your client secret in the code. works with the implicit flow.

Key differences:

The token is returned.
No refresh token is provided.
The token is given as an anchor, rather than an parameter (this is to avoid it being sent to the server.)

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.