SPA OAuth flow without user authentication prompt

Hey there @tojeffraymond welcome to the community!

Interesting use case, I haven’t heard of anything similar personally. The only flow that wouldn’t require any user authentication is m2m. You could proxy a client credentials exchange through a backend via a SPA so that the credentials are handled on a backend and safe.

It’s fairly common for SPAs to proxy calls through a backend to call the Management API, for example. This typically involves an authenticated user but I don’t see any reason you could handle this on a backend with an unauthenticated user. Here’s an FAQ that goes into this setup:

Not entirely sure that answers your question, but hope it at least gives some direction!

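The backend proxy described in the reply above, sketched as an added example that is not part of the original post or any vendor's code: the backend performs the client credentials exchange, caches the token, and calls the upstream API itself, so neither the secret nor the access token reaches the SPA. `createProxy`, `ALLOWED`, the URLs and the injectable `fetchImpl`/`now` are hypothetical names, and `audience` is a provider-specific parameter assumed here, not part of the standard grant.

```javascript
// Added example; all names and URLs are hypothetical placeholders.
const ALLOWED = new Map([ // the only upstream calls an unauthenticated SPA can trigger
  ["GET /widgets", "https://api.example.com/widgets"],
]);

function createProxy({ tokenUrl, clientId, clientSecret, audience, fetchImpl = fetch, now = Date.now }) {
  let cached = null; // { token, expiresAt }, held in backend memory only

  async function getToken() {
    // Reuse the cached token until 30 seconds before it expires.
    if (cached && now() < cached.expiresAt - 30000) return cached.token;
    const body = new URLSearchParams({
      grant_type: "client_credentials",
      client_id: clientId,
      client_secret: clientSecret,
    });
    if (audience) body.set("audience", audience); // assumption: provider-specific
    const res = await fetchImpl(tokenUrl, {
      method: "POST",
      headers: { "content-type": "application/x-www-form-urlencoded" },
      body,
    });
    if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
    const json = await res.json();
    cached = { token: json.access_token, expiresAt: now() + json.expires_in * 1000 };
    return cached.token;
  }

  // Called by the backend's route handler with the SPA's method and path.
  async function handle(method, path) {
    const upstream = ALLOWED.get(`${method} ${path}`);
    if (!upstream) return { status: 404, body: { error: "not found" } }; // no token is fetched
    const token = await getToken();
    const res = await fetchImpl(upstream, {
      method,
      headers: { authorization: `Bearer ${token}` },
    });
    // Only the upstream status and payload go back; the token stays on the backend.
    return { status: res.status, body: await res.json() };
  }

  return { handle };
}
```
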