Please correct me if I am wrong. From my understanding, OAuth is used to authorize different applications. There are 3-legged authorizations which include a user, and there are also 2-legged authorizations which are used between 2 servers, for example. If a consumer_secret is secret, then how can my front-end MVC be authorized? I don't understand how you can safely authorize a client-side application without worrying about a replay attack. Could someone please explain what I am misunderstanding?
1 Answer
OAuth 2.0 has the Implicit Grant which can be used to acquire access tokens within a client-side application. It only uses the Client ID and you won't get a refresh token.