Hi again! Well this is kinda related with #4 in a way. I'll like to help you enrich (if i can) the sample by using Hybrid Flow instead or in addition to the Code Flow.
The Authorization Code Flow is intended for Clients that can securely maintain a Client Secret
between themselves and the Authorization Server, whereas the Implicit Flow is intended for
Clients that cannot. However, the Authorization Code flow is sometimes also used by Native
applications and other Clients in order to be able to obtain a Refresh Token, even when they
cannot ensure the secrecy of the Client Secret value. The Hybrid Flow combines aspects of the
Authorization Code Flow and the Implicit Flow.
So i think it'll be interesting if the sample uses Hybrid Flow.
lnikkila
commented
9 years ago
Hi again! Well this is kinda related with #4 in a way. I'll like to help you enrich (if i can) the sample by using Hybrid Flow instead or in addition to the Code Flow.
As the OIDC doc says (http://openid.net/specs/openid-connect-implicit-1_0.html) :
So i think it'll be interesting if the sample uses Hybrid Flow.