In this and upcoming blog posts, I’ll be talking about integrating Azure Active Directory (AAD) and leveraging open source libraries to protect a system consisting of an Angular application and ASP.NET Core web APIs.
In this post, I just want to give a high-level overview of the setup and the technologies involved in securing such a system. As such, I will likely gloss over some of the points. In subsequent posts, I’ll cover the specific parts in more detail.
This post is part of a series about OAuth2. In this post, I go over the implicit grant type and how it relates to and differs from the authorization code grant type.
Let’s look at the implicit grant flow at a high level via an example in which an application recommends movies to a user based on the movies the user’s friends like on Facebook.
For comparison, here’s the flow using the authorization code grant.
As you can see, on the surface the implicit flow is more or less similar to the authorization code flow, except that it does not have the step of authenticating the client. As we discuss when to choose the implicit grant type vs the authorization grant type, we’ll explore other differences between the two flows and see that they are meant for different types of applications.