
I am developing a simple HTML5 frontend application that retrieves an OAuth 2.0 access token from a generic OAuth 2.0 provider (e.g. Keycloak and the like). Assuming the user has previously created a client and user on the authentication server (e.g. Keycloak), he then provides the following parameters on my web page:

  • Authorization URL
  • Access token URL
  • Client ID
  • Client secret

Sort of a Postman OAuth 2.0 client.

Note: ClientId and Client secret are not saved anywhere, they are provided by the user.

My question is: Is there any JavaScript library to achieve such behaviour (Postman)?

  • I agree with @Rubysmith, the authorization code grant type is not designed for JS applications. You must use the implicit grant type. Commented Feb 23, 2016 at 14:35
  • @FlorentMorselli I know, but the purpose of this frontend app is to test the Authorization Code Flow! Commented Jan 15, 2017 at 10:21

1 Answer

You need to implement the Implicit Grant Flow and not the Authorization Code Flow in OAuth2 for client side JavaScript applications where one cannot safely keep secrets inside the application.

Implicit Grant Flow


3 Comments

The secrets are not saved anywhere as they are provided by the user via a web form. As an aside, it doesn't answer the original question, which was about the js library.
As of 2019, it is recommended for SPAs to use Code flow with PKCE extension and without client secret. So the question actually makes sense now, and this answer is outdated.
Perhaps you have misunderstood my original intent. I just wanted to mimic Postman's behavior in my own web app. This test app doesn't go to production.
