Protecting Your APIs with OAuth
Рет қаралды 13,363
Күн бұрын
@chrise202 4 жыл бұрын
Hi Aaron you've mention in various videos about SPA's and JS/Angular apps hosted on CDN's that they should use Auth Code + PKCE. But theres no "back channel" for SPA's. Does this mean front channel will be used? Apart from getting the token by a POST rather than fragment or queryString, are there any other advantages in Auth Code over Implicit?
@harrylyod3402 2 жыл бұрын
loved it thanks for the explanation.
@patrickm9953 5 жыл бұрын
My cats love Oauth 2.0 !
@codedynamics1 3 жыл бұрын
thanks Arron, ive subbed ;)
@codingexpedition4625 4 жыл бұрын
I have a hard time separating idToken and accessToken, can you help me with the following: The token shown in the video at kzbin.info/www/bejne/bpSUhIKrhJmghsU, includes both a userId and access scopes. Am I right to say that a token which both includes the userId and access scopes is an "idToken"? (Cause pure oauth access_tokens only include scopes but no user info)
@beatagozdziaszek8157 4 жыл бұрын
Access token authorizes access to some server resources. They are not intended to carry information about the user. They simply allow access to certain defined server resources. ID token contains information about a user and their authentication status. It can be used by your client both for authentication and as a store of information about that user.
@domaincontroller 4 жыл бұрын
01:59 spec like legal contract
@samanthaferguson6018 4 жыл бұрын
01:59 spec like legal contract
@samanthaferguson6018 4 жыл бұрын
01:59 spec like legal contract
НОВОСТНИЧОК
Рет қаралды 6 МЛН
GOTO Conferences
Рет қаралды 18 М.