If a single page application has control on the server side, it is posible to implement the authorization process like a regular web application does, using Authorization Code Grant, instead of the Implicit Code Grant used by SPAs . That is, send the server the order to authorize and let him start t…

Hey there @arik_auth0 , great news! Here’s our latest update on the JavaScript solution to support Authorization Code in Single Page Applications! http://community.auth0.com/t/js-solution-to-support-authorization-code-in-spas-product-roadmap-in-progress/23178

SPA with Authorization Code Grant

Help

markd March 14, 2019, 12:15pm 4

This is actually a recommended approach in the current draft for using OAuth with SPAs:

I would recommend reading the whole draft, and also recommend reading Vittorio Bertocci’s blog post on the subject:

4 Likes

Storing client secret in SPA