Question
I'm developing an application in which I need an authorization workflow.
I'm working on OAuth2 with the oauth2orize library.
My applications (clients) are frontends written in JavaScript or Java (Android).
First, what I need is simply a way to authenticate inside of them and get back an access token. To make it work, I have a resource owner flow. My problem is that I can't store my secret on my client app because of security problems. Do you have an idea how I should do it?
On the other hand, how can I make a third party login page? Like "connect through XXX" and then be redirected to the login page?
Answer 1:
The Implicit Grant flow is for public clients operating on a given URL, like JavaScript (and there's a way to do it on Android).
You'll make a button "Connect through XXX" and then you redirect the user to XXX to authenticate. When that's done, you get a redirect back with the Access Token in the URL fragment.
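The redirect and fragment handling described in this answer, as an added example that is not part of the original answer or of oauth2orize. The endpoint, client id and redirect URI are placeholders supplied by the caller, and the `state` parameter (from RFC 6749) is added so the client accepts a token only from a redirect it started itself.

```javascript
// Added example: client side of the OAuth 2.0 implicit grant (RFC 6749, section 4.2).
// Endpoint, client_id and redirect URI are placeholders passed in by the caller.

// Random, unguessable value tying the callback to the request this client started.
function newState() {
  const bytes = new Uint8Array(16);
  globalThis.crypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// URL the "Connect through XXX" button sends the user to. No client secret is
// sent: a public client is identified by client_id and its registered redirect_uri.
function buildAuthorizeUrl(authorizeEndpoint, clientId, redirectUri, state) {
  const url = new URL(authorizeEndpoint);
  url.searchParams.set('response_type', 'token');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// Parse the redirect back. The token is returned only if the response is well
// formed and its state equals the value saved before redirecting.
function parseCallback(callbackUrl, expectedState) {
  const fragment = new URL(callbackUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  if (params.has('error')) {
    return { ok: false, reason: 'provider_error:' + params.get('error') };
  }
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  const accessToken = params.get('access_token');
  if (!accessToken) return { ok: false, reason: 'missing_access_token' };
  if ((params.get('token_type') || '').toLowerCase() !== 'bearer') {
    return { ok: false, reason: 'unsupported_token_type' };
  }
  const n = Number(params.get('expires_in'));
  const expiresIn = Number.isFinite(n) && n > 0 ? n : null;
  return { ok: true, accessToken, expiresIn };
}
```

In the browser, save the value from `newState()` in `sessionStorage` before redirecting, pass `window.location.href` to `parseCallback`, then call `history.replaceState` to drop the fragment so the token does not stay in the address bar or history.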
Source: https://stackoverflow.com/questions/35647393/oauth2-for-front-end-applications