-
-
Notifications
You must be signed in to change notification settings - Fork 764
Authenticate with Ajax call #381
Comments
For authentication, I'd suggest looking at the OIDC spec. We do support the implicit flow, but that involves browser redirects, not via Ajax. I suspect though, there's more to your question and scenario (as with most people asking the wrong question :)) |
I'm essentially looking to do what is described here. http://bit.ly/1m4bNoV Here is the github repository for the code. https://github.com/tjoudeh/AngularJSAuthentication |
Yes that's supported - it is called the resource owner flow and is generally not really recommended for JS based applications. As Brock said you want to look into the implicit flow. |
What are the issues of using that authentication paradigm with JS? Does it leave a security hole? |
The user must enter the credentials directly into you app, so you app must be the one that owns the credentials and you don't get the benefit of SSO. |
Isn't that the same level of ownership that a mobile application would have--collecting the credentials and then passing it through to the identity server? |
If the mobile app owns the account, yes. But you'd not use this approach if you wanted the user to authenticate with their google account, for example. |
Yes, understood. |
Is it possible to authenticate using an Ajax call? If so, is there a sample application that demonstrates this?
The text was updated successfully, but these errors were encountered: