Refresher on the implicit grant flow
As you should recall from Chapter 2, A Bird's Eye View of OAuth 2.0, the implicit grant flow is the OAuth 2.0 flow used for untrusted clients. These are typically HTML/JavaScript web applications that do not have the ability to securely store and transmit information, say, from a backend server. Because of this, they have a simpler workflow than other applications using the alternative authorization code grant flow.
Once again, the implicit grant flow looks like this:
In the context of our application, WMIIG (World's Most Interesting Infographic Generator), the sequence of steps is as follows:
- The user visits WMIIG and initiates the process to see the world's most interesting infographic.
- WMIIG says, "Sure! But I'll need to access your profile and feed data to do so, and for this, I'll need your authorization. Go here…"
- WMIIG sends you to Facebook. Here, Facebook asks you directly for authorization for WMIIG to...
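The two client-side halves of the flow just described, as an added example that is not part of the book or of WMIIG: building the authorization request that sends the user to the authorization server, and reading the access token back out of the URL fragment on the redirect. The endpoint, client ID and redirect URI are constructed placeholders, not real Facebook or WMIIG values.

```javascript
// Constructed placeholders (assumed for this example, not real endpoints).
const AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth/authorize";
const CLIENT_ID = "wmiig-client-id";
const REDIRECT_URI = "https://wmiig.example/callback";

// Step 1: WMIIG builds the URL it redirects the user to. response_type=token
// is what makes this the implicit grant. The state value is an unguessable
// nonce the client stores (e.g. in sessionStorage) before redirecting.
function buildAuthorizeUrl(scope, state) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("response_type", "token");
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("scope", scope);
  url.searchParams.set("state", state);
  return url.toString();
}

// Step 2: the authorization server redirects back with the token in the URL
// fragment (after '#'), which the browser never sends to the server hosting
// the redirect page. The client must compare state with the value it stored;
// a mismatch means the redirect was not the one this client initiated.
function parseImplicitRedirect(redirectUrl, expectedState) {
  const url = new URL(redirectUrl);
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));
  if (params.get("state") !== expectedState) {
    return { ok: false, error: "state_mismatch" };
  }
  if (params.has("error")) {
    // e.g. access_denied when the user refuses authorization
    return { ok: false, error: params.get("error") };
  }
  const accessToken = params.get("access_token");
  const tokenType = params.get("token_type");
  if (!accessToken || !tokenType) {
    return { ok: false, error: "invalid_response" };
  }
  const expiresIn = params.has("expires_in") ? Number(params.get("expires_in")) : null;
  return { ok: true, accessToken, tokenType, expiresIn, scope: params.get("scope") };
}
```

In a real page the stored state is read from wherever it was saved before the redirect and the fragment is cleared from the address bar once the token has been taken out of it.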