class OAuth2::Strategy::Implicit

The Implicit Strategy

IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.

References:
- OAuth 2.1 draft: datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
- Why drop implicit: aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
- Background: fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/

@see datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-26#section-4.2

def assert_valid_params(params)

def assert_valid_params(params)
  raise(ArgumentError, "client_secret is not allowed in authorize URL query params") if params.key?(:client_secret) || params.key?("client_secret")
end

def authorize_params(params = {})

Parameters:
  • params (Hash) -- additional query parameters
def authorize_params(params = {})
  params.merge("response_type" => "token", "client_id" => @client.id)
end

def authorize_url(params = {})

Parameters:
  • params (Hash) -- additional query parameters for the URL
def authorize_url(params = {})
  assert_valid_params(params)
  @client.authorize_url(authorize_params.merge(params))
end

def get_token(*)

Raises:
  • (NotImplementedError)
def get_token(*)
  raise(NotImplementedError, "The token is accessed differently in this strategy")
end
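
Added example (not part of this page or of the oauth2 gem): get_token raises here because, in the implicit grant, the access token comes back in the fragment of the redirect URI (RFC 6749 section 4.2.2) rather than from a token request. The sketch below uses only the Ruby standard library to build the same response_type=token query with a state value and then validate a constructed redirect. The endpoint, client id, and helper names are assumptions.

```ruby
require "uri"
require "securerandom"

# Assumed values, constructed for this example.
AUTHORIZE_ENDPOINT = "https://auth.example.test/oauth/authorize"
CLIENT_ID = "example-client-id"

# Build the authorize URL; mirrors the strategy's client_secret guard.
# Unlike the strategy, the fixed fields here override caller-supplied extras.
def build_authorize_url(redirect_uri:, state:, extra: {})
  if extra.key?(:client_secret) || extra.key?("client_secret")
    raise ArgumentError, "client_secret is not allowed in authorize URL query params"
  end
  query = extra.transform_keys(&:to_s).merge(
    "response_type" => "token", "client_id" => CLIENT_ID,
    "redirect_uri" => redirect_uri, "state" => state
  )
  "#{AUTHORIZE_ENDPOINT}?#{URI.encode_www_form(query)}"
end

# XOR-accumulate every byte so timing does not reveal where strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Extract the access token from the redirect's fragment, rejecting error
# responses and any response whose state is not the one we sent.
def token_from_redirect(redirect_url, expected_state:)
  fragment = URI.parse(redirect_url).fragment.to_s
  raise ArgumentError, "no fragment in redirect" if fragment.empty?
  fields = URI.decode_www_form(fragment).to_h
  raise ArgumentError, "authorization error: #{fields["error"]}" if fields.key?("error")
  raise ArgumentError, "state mismatch" unless secure_equal?(fields["state"].to_s, expected_state)
  raise ArgumentError, "unexpected token_type" unless fields["token_type"].to_s.casecmp?("bearer")
  fields.fetch("access_token") { raise ArgumentError, "access_token missing" }
end

if __FILE__ == $PROGRAM_NAME
  state = SecureRandom.hex(16) # unguessable per-request value
  puts build_authorize_url(redirect_uri: "https://app.example.test/cb", state: state)
  # Constructed redirect, shaped like the one the provider sends back.
  redirect = "https://app.example.test/cb#access_token=tok-123&token_type=Bearer&state=#{state}"
  puts token_from_redirect(redirect, expected_state: state)
end
```

The fragment is visible to any script running on the redirect page and can persist in browser history, which is part of why the note above prefers Authorization Code with PKCE.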