Hello Folks, I noticed that Google supports the OAuth 2 Implicit flow for third-party JavaScript applications.
https://developers.google.com/identity/protocols/OAuth2UserAgent Isn't this generally discouraged from a security POV? *Is there a better OAuth 2 flow for third party SPA applications?* Aloha, -- Jim Manico Manicode Security https://www.manicode.com
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
