The underlying protocols (OAuth2/OIDC) rely heavily on HTTP redirects so in most situations authentication in a pure AJAX style is not available (assuming you meant AJAX style with delivered in a payload). For some scenarios libraries can abstract the above for you and deliver the response as if it was an AJAX call, but trying to completely avoid redirect-based processes is fighting the protocols you’re using. If you just don’t want the response to be in a query string you can consider the form post response mode.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Auth0 + Implicit grant - does this work with Lock? | 4 | 4505 | March 2, 2018 | |
| Lock UI & Implicit Grant | 3 | 4304 | March 2, 2018 | |
| Authorize user from Lock of SPA with API | 3 | 3660 | March 2, 2018 | |
| Lock and OIDC Conformant clients | 11 | 6321 | March 2, 2018 | |
| What is the right setup for Lock + SPA + Native + Rest API? | 9 | 5708 | March 2, 2018 |