rottencandy
commented
3 years ago I looked into ways to authenticate users using GitHub OAuth and looks like this may not be possible for single page/static web apps.
The docs for Web Application flow say this:
(The implicit grant type is not supported.)Which means it doesn't support pure client-side authentication, and although the steps make it seem like it could be done without a dedicated backend server, any requests made fail with a CORS error.
This seems to be a known issue and there are some workarounds, like using gatekeeper(which is basically separate a nodejs server just for OAuth, probably not useful to us) or utilizing a service like cors-anywhere(not recommended since the tokens would be passing through a third party).
Description