Implicit grant flow quick start
If you are building a single-page application (SPA), you may want to use the implicit grant flow to control access between your SPA and a resource server. This quick start procedure will help you start using the implicit flow as soon as possible.
Before you begin
- The client identifier of the app that you registered in OAuth Management.
- The scopes that you configured in API Definitions.
- Information for the Authorization Server to initiate a specific grant flow. For the implicit grant flow, its value is
- The location where the Authorization Server sends the user agent after the user approves the request. It must match the Redirect URIs of the client app that you configured before.
- An XSRF token that the Authorization Server reproduces when redirecting the user agent back to the client. It is an arbitrary alphanumeric string used to help prevent cross-site request forgery.
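An added example, not part of the original quick start or the product's own code: it builds the authorization request from the values listed above and checks the state value when the user agent returns. The parameter names and the fragment response format are taken from RFC 6749 section 4.2 and are assumed to apply to this Authorization Server; the function names are hypothetical.

```javascript
// Added example. Parameter names follow RFC 6749 section 4.2 (assumed for
// this Authorization Server); URLs and ids passed in are placeholders.

// Arbitrary alphanumeric state: 16 random bytes as hex, one per request.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the URL the SPA sends the user agent to.
function buildAuthorizationUrl(authorizeEndpoint, { clientId, scopes, redirectUri, state }) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: "token",       // RFC 6749 value for the implicit grant
    client_id: clientId,
    scope: scopes.join(" "),
    redirect_uri: redirectUri,    // must match a registered Redirect URI
    state,
  }).toString();
  return url.toString();
}

// Parse the URL the user agent lands on. expectedState is the value the SPA
// stored (for example in sessionStorage) before it sent the request.
function handleRedirect(redirectedUrl, expectedState) {
  const params = new URLSearchParams(new URL(redirectedUrl).hash.slice(1));
  // Check state first: a response without the value we issued was not
  // started by this browser session and must not be processed further.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, error: "state_mismatch" };
  }
  if (params.has("error")) {
    return { ok: false, error: params.get("error") };
  }
  const accessToken = params.get("access_token");
  if (!accessToken) {
    return { ok: false, error: "missing_access_token" };
  }
  return { ok: true, accessToken, tokenType: params.get("token_type") };
}
```

Store the value from newState() before redirecting and delete it after the first handleRedirect call, so a state value is accepted only once.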
What you should see
redirect_uri specified by the app, adding an
state to the URL.
The user agent will be redirected to a URL that follows this pattern: