Open Rein1n opened 10 months ago
Couple of notes on this. Personally, I'd rather just rework the guide not to use implicit grant at all. In many other areas of the guide, we moved away from showing people a "bad but easy" way to do things, then changing it all in the next section. Just show the right way from the start.
Otherwise, if we do want to stick with a warning, using [here] as the masked text on a link is poor accessibility for screen readers. Prefer something descriptive, like: for more information check [the OAuth2 RFC](link)
I can change the PR to remove implicit grant completely if that would be preferable.
If we decide to keep implicit grant, I'll change the masked text to make it more clear, thanks for the heads up on that.
Implicit grant flow is recommended by the guide for SPAs; however, the IETF does not recommend using Implicit grant flow in any scenario, preferring the Authorization code grant.