Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implicit auth flow #23

Open
aramperes opened this issue Jan 27, 2021 · 0 comments
Open

Implicit auth flow #23

aramperes opened this issue Jan 27, 2021 · 0 comments
Labels
unreviewed use-case
Milestone
v1

Comments

@aramperes
Copy link
Member

aramperes commented Jan 27, 2021
edited
Loading

Use-Case Description

This flow doesn't require a backend server and useful for web apps that need temporary user access. Refreshing tokens is not possible, so tokens will live longer (likely 1 day instead of 1 hour) and some sensitive endpoints might be restricted (TBD).

Depends on #18

Semantics

https://tools.ietf.org/html/rfc6749#section-1.3.2

TL;DR: The user clicks a link to a special page on wavy.fm, with the Client ID, Redirect URL, and auth scopes in the URL. Once the user accepts, they are redirected back to your app with the bearer access token and expiry date in the URL. There is no refresh token.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
unreviewed use-case
Projects
None yet
Milestone
v1
Development

No branches or pull requests
1 participant
@aramperes