OAuth implicit flow

00:00 The goal of OAuth
01:08 OAuth implicit flow is for public clients
01:56 OAuth implicit flow walkthrough
02:33 Implicit flow security issues
03:47 OAuth implicit flow is no longer recommended
04:14 Why the implicit OAuth flow was introduced
05:53 Conclusion

The OAuth implicit flow is a way in which a client can obtain an access token. The token is passed directly in the redirect URL, that is, in the front channel. This makes the implicit flow vulnerable to a variety of attacks, including phishing and outright access token theft. Therefore, the OAuth working group no longer recommends using the implicit flow and instead recommends the OAuth authorization code flow. The implicit flow was included in the specification because in the early days it was not possible to make cross-origin requests. Now that CORS (Cross-Origin Resource Sharing) makes cross-origin requests possible, the implicit flow is obsolete.
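As an added illustration that is not part of the video or its description: the check below classifies an authorization request by its response_type and reports which credentials a redirect back to the client carries through the browser, which is the front-channel exposure described above. The hosts, client id, token and code values are constructed placeholders, and the classification also covers the hybrid case (code plus token), which the description does not mention.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample URLs: placeholder hosts, client id, token and code.
IMPLICIT_REQUEST = ("https://auth.example.com/authorize?response_type=token"
                    "&client_id=spa-client&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb"
                    "&scope=profile&state=abc123")
CODE_REQUEST = ("https://auth.example.com/authorize?response_type=code"
                "&client_id=spa-client&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb"
                "&scope=profile&state=abc123")
# Implicit flow: the access token itself comes back in the URL fragment.
IMPLICIT_REDIRECT = ("https://app.example.com/cb#access_token=CONSTRUCTED_TOKEN"
                     "&token_type=Bearer&expires_in=3600&state=abc123")
# Authorization code flow: only a one-time code is in the redirect; the client
# then exchanges it for the token over a direct back-channel request.
CODE_REDIRECT = "https://app.example.com/cb?code=CONSTRUCTED_CODE&state=abc123"


def flow_for_request(url):
    """Classify an authorization request by its response_type parameter:
    'implicit' (token or id_token returned directly in the redirect),
    'code' (authorization code only), 'hybrid' (both) or 'unknown'."""
    params = parse_qs(urlsplit(url).query)
    requested = set(params.get("response_type", [""])[0].split())
    wants_token = bool(requested & {"token", "id_token"})
    wants_code = "code" in requested
    if wants_token and wants_code:
        return "hybrid"
    if wants_token:
        return "implicit"
    return "code" if wants_code else "unknown"


def front_channel_secrets(redirect_url):
    """Names of credential-bearing parameters the redirect carried through
    the browser. The fragment is inspected as well as the query string,
    because the implicit flow places the token in the fragment."""
    parts = urlsplit(redirect_url)
    delivered = {**parse_qs(parts.query), **parse_qs(parts.fragment)}
    return [n for n in ("access_token", "id_token", "refresh_token") if n in delivered]


if __name__ == "__main__":
    print("implicit:", flow_for_request(IMPLICIT_REQUEST), front_channel_secrets(IMPLICIT_REDIRECT))
    print("code:    ", flow_for_request(CODE_REQUEST), front_channel_secrets(CODE_REDIRECT))
```

Running it shows the implicit redirect handing the browser an access_token while the code-flow redirect exposes no credential, which is why the latter is the recommended flow for public clients.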