cybertooth-io / ember-simple-auth-aws-amplify

Ember Simple Auth implementation using AWS Amplify.
MIT License

Move away from Implicit Auth to Authorization Code Grant #23

Open officeguy opened 5 years ago

officeguy commented 5 years ago

In November 2018 the recommendation from the IETF is to no longer use Implicit Grant due to security concerns. References: section 2.1.2 of https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.1 and also a general discussion here: https://medium.com/oauth-2/why-you-should-stop-using-the-oauth-implicit-grant-2436ced1c926

Having said that, I am VERY keen to be able to use the advantages of Ember + AWS Amplify + Cognito + social IdP providers, so this repo seems like a great direction to go :)

So, can this repo add support for Authorization Code Grant instead of Implicit Grant?

Other info: I have successfully followed the steps in the link below to get an Ember app to have a clickable link which directs to Cognito, which checks with Google, then redirects to a /callback route of my app. However, this doesn't have all the features that ember-simple-auth would support.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-social-idp.html

I notice that the ember-simple-auth repo here https://github.com/simplabs/ember-simple-auth/tree/master/addon/authenticators has authenticators for password grant and implicit, so I'm guessing that an addon could extend this to add an authorization-code authenticator?

Thanks
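Added example, not part of the original thread or of this repository's code: the client-side checks an authorization code flow needs around the `/callback` redirect described above, here with PKCE (RFC 7636), which the issue itself does not mention. `/oauth2/authorize` and `/oauth2/token` are Cognito's hosted endpoints; the domain, client id, redirect URI and function names are hypothetical, and Node's `crypto` module is used so the code runs outside a browser.

```javascript
const { createHash, randomBytes } = require('crypto');

const b64url = (buf) => buf.toString('base64url');

// S256 challenge: BASE64URL(SHA-256(ASCII(code_verifier))), per RFC 7636.
function pkceChallenge(verifier) {
  return b64url(createHash('sha256').update(verifier, 'ascii').digest());
}

// Build the authorization redirect plus the secrets the app keeps until the callback.
function beginLogin(cfg) {
  const pending = { state: b64url(randomBytes(16)), verifier: b64url(randomBytes(32)) };
  const url = new URL('/oauth2/authorize', cfg.domain);
  url.search = new URLSearchParams({
    response_type: 'code', // authorization code grant, not 'token' (implicit)
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid email',
    state: pending.state,
    code_challenge: pkceChallenge(pending.verifier),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), pending };
}

// Validate the /callback URL and return the form body for POST /oauth2/token.
function handleCallback(callbackUrl, pending, cfg) {
  const url = new URL(callbackUrl);
  // A token in the fragment means an implicit-grant response; refuse it.
  if (url.hash.includes('access_token')) throw new Error('implicit response rejected');
  const err = url.searchParams.get('error');
  if (err) throw new Error('authorization error: ' + err);
  // state binds the callback to the login this browser session started.
  if (url.searchParams.get('state') !== pending.state) throw new Error('state mismatch');
  const code = url.searchParams.get('code');
  if (!code) throw new Error('no authorization code');
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    code,
    code_verifier: pending.verifier, // proves this client started the flow
  });
}

// Constructed placeholder configuration (hypothetical values).
const CFG = { domain: 'https://example.auth.us-east-1.amazoncognito.com',
  clientId: 'EXAMPLE_CLIENT_ID', redirectUri: 'https://app.example.com/callback' };
```

The returned body is what the app would POST to the token endpoint; tokens then arrive in the response body rather than in the redirect URL.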

nadnoslen commented 5 years ago

Hey @officeguy, sorry I missed your message earlier in March. I'm very interested in moving to Authorization Code Grant as well. I've actually been stuck working on an Okta project that is shifting in that very direction.

I'll try to get some time to look at this very soon.