SPA with Authorization Code Grant

This is actually a recommended approach in the current draft for using OAuth with SPAs:

I would recommend reading the whole draft, and also recommend reading Vittorio Bertocci’s blog post on the subject:

4 Likes