docs: Implicit Grant flow is deprecated danger warning #1543

Open
wants to merge 1 commit into
base: main

@Rein1n Rein1n commented Jan 15, 2024

Implicit grant flow is recommended by the guide for SPAs; however, the IETF does not recommend using Implicit grant flow in any scenario, preferring the Authorization code grant.

@monbrey
Member

monbrey commented Jan 15, 2024

Couple of notes on this. Personally, I'd rather just rework the guide not to use implicit grant at all. In many other areas of the guide, we moved away from showing people a "bad but easy" way to do things, then changing it all in the next section. Just show the right way from the start.

Otherwise, if we do want to stick with a warning, using `[here]` as the masked text on a link is poor accessibility for screen readers. Prefer something descriptive like `for more information check [the OAuth2 RFC](link)`.

@Rein1n
Author

Rein1n commented Jan 16, 2024

I can change the PR to remove implicit grant completely if that would be preferable.

If we decide to keep implicit grant, I'll change the masked text to make it more clear, thanks for the heads up on that.
