If a single page application has control on the server side, it is posible to implement the authorization process like a regular web application does, using Authorization Code Grant, instead of the Implicit Code Grant used by SPAs . That is, send the server the order to authorize and let him start t…

Hey there @arik_auth0 , great news! Here’s our latest update on the JavaScript solution to support Authorization Code in Single Page Applications! http://community.auth0.com/t/js-solution-to-support-authorization-code-in-spas-product-roadmap-in-progress/23178

SPA with Authorization Code Grant

Help

markd March 14, 2019, 12:15pm 4

This is actually a recommended approach in the current draft for using OAuth with SPAs:

I would recommend reading the whole draft, and also recommend reading Vittorio Bertocci’s blog post on the subject:

4 Likes

Storing client secret in SPA

Topic		Replies	Views
How does Auth0 provide authorization code flow in a SPA Help	6	4673	May 9, 2020
Using Code Grant with SPA + REST API Help authorization-flow	2	3921	August 28, 2019
Authorization Code Grant vs Implicit Grant Help implicit-grant , authorization-code-f	4	12459	August 27, 2019
SPA+Backend+3rd party API - Best practices for Authorization Code flow Help authorization-code-f	5	12576	March 27, 2019
Auth0 + Implicit grant - does this work with Lock? Help spa , implicit-grant , grant-types	4	4487	March 2, 2018

SPA with Authorization Code Grant

Related Topics