Implicit

Overview

The Implicit grant type is similar to the Authorization Code grant type in that it is used to request access to protected resources on behalf of another user (i.e. a 3rd party). It is optimized for public clients, such as those implemented in javascript or on mobile devices, where client credentials cannot be stored.

Use Cases

calls on behalf of a third party
for browser-based applications (javscript)
for native applications (desktop and mobile devices)
for any application where client credentials cannot be safely stored

Implementation

When your server is created, simply configure the server to allow the implicit grant type

Php

// create a storage object for your server
$storage = new OAuth2\Storage\Pdo(array('dsn' => 'mysql:dbname=my_oauth2_db;host=localhost', 'username' => 'root', 'password' => ''));

// create the server, and configure it to allow implicit
$server = new OAuth2\Server($storage, array(
    'allow_implicit' => true,
));

This allows the Authorize Controller to return an access token directly from a request to the server’s authorize endpoint.

Example Request

When using the Implicit grant type, tokens are retrieved using the Authorize Controller. The client specifies the grant type by setting the querystring parameter response_type=token in the OAuth server’s `authorize’ endpoint.

First, redirect the user to the following URL:

Text

https://api.mysite.com/authorize?response_type=token&client_id=TestClient&redirect_uri=https://myredirecturi.com/cb

A successful token request will be returned in the fragment of the URL:

Text

https://myredirecturi.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA&state=xyz&token_type=bearer&expires_in=3600

Demo

See the implicit grant type demo

Implicit

Overview

Use Cases

Implementation

Example Request

Demo

Overview

Grant Types

Controllers

Storage

Cookbook