omniauth-oauth2 icon indicating copy to clipboard operation
omniauth-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon omniauth

About other grant types

Open kuraga opened this issue 11 years ago • 5 comments

Good day! Thanks for this work!

This gem provides code Authorization Grant. What about other grants: implicit, password?

Some plans? Are patches welcome?

kuraga avatar Aug 27 '14 07:08 kuraga

Patches are welcome. I have been slacking lately. This is back on my radar.

All submissions welcome!

isaacsanders avatar Sep 24 '14 19:09 isaacsanders

If anyone does implement the implicit flow, please keep this in mind:

http://technotes.iangreenleaf.com/posts/closing-a-nasty-security-hole-in-oauth.html

Automatically checking the client_id for the received token would be great.

Dantemss avatar Oct 07 '14 17:10 Dantemss

Found in my trash :smile: https://gist.github.com/kuraga/ecd703ffef2af0ebb96b

kuraga avatar May 15 '15 11:05 kuraga

+1 for password type

Yanchek99 avatar May 25 '16 17:05 Yanchek99

The password flow can be implemented fairly easily as another strategy that inherits from this strategy by just overriding the request_phase method to display a form that gathers the username and password and submits to the callback url

mltsy avatar Dec 16 '16 21:12 mltsy