Comment by mooreds

3 years ago

Man, the implicit grant is pretty horrible, for exactly the reasons shown in this post.

FYI, they are omitting it in the upcoming OAuth 2.1 spec: https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.htm...

It's been deprecated for like 6 years now, too, right? There'd be no reason to keep it in the new spec, since CORS obsoletes it.

  • I wasn't able to find an exact date for deprecation, but I know that PKCE replaced it for the main use case, and that was released in 2015.

  • Unfortunately, the old tutorials and StackOverflow answers people are getting their logic from haven't been deprecated.
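The comment above names PKCE (RFC 7636) as the replacement for the implicit grant. As an added illustration that is not part of the thread, the following Python sketches what PKCE actually binds: the client keeps a random code_verifier, sends only its SHA-256 "S256" challenge on the front channel, and the authorization server recomputes that challenge at the token endpoint. It also contrasts where the two grants put the token in the redirect URL (the example redirect URLs are constructed; `https://app.example/cb` is a placeholder).

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlparse, parse_qs


def make_verifier(nbytes: int = 32) -> str:
    # RFC 7636 section 4.1: 43..128 unreserved characters.
    # 32 random bytes base64url-encoded without padding gives 43 characters.
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def make_challenge(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def server_verifies(stored_challenge: str, presented_verifier: str) -> bool:
    # What the authorization server does at the token endpoint: recompute the
    # challenge from the verifier the client presents and compare it to the one
    # received with the original authorization request (constant-time compare).
    return hmac.compare_digest(make_challenge(presented_verifier), stored_challenge)


def token_exposed_in_redirect(redirect_url: str) -> bool:
    # Implicit grant (response_type=token) returns the access token itself in the
    # URL fragment, readable by browser history, page scripts and extensions.
    # The code grant returns only a one-time code that is useless without the
    # verifier, which never leaves the client.
    u = urlparse(redirect_url)
    params = {**parse_qs(u.query), **parse_qs(u.fragment)}
    return "access_token" in params


if __name__ == "__main__":
    v = make_verifier()
    c = make_challenge(v)
    print("verifier:", v)
    print("challenge:", c)
    print("server accepts:", server_verifies(c, v))
    # Constructed redirect URLs for the two grant types.
    print("implicit leaks token:",
          token_exposed_in_redirect("https://app.example/cb#access_token=abc&token_type=bearer"))
    print("code flow leaks token:",
          token_exposed_in_redirect("https://app.example/cb?code=xyz&state=s1"))
```

The fixed verifier/challenge pair checked below is the published test vector from RFC 7636 Appendix B.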