No longer advise to use Password Grant for SPAs

This commit is contained in:
Andrew Millington 2018-04-18 13:07:21 +01:00 committed by GitHub
parent 342108e0ec
commit 558e55c071
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -32,7 +32,7 @@ Depending on whether or not the client is capable of keeping a secret will depen
If the client is a web application that has a server side component then you should implement the [authorization code grant](/authorization-server/auth-code-grant/). If the client is a web application that has a server side component then you should implement the [authorization code grant](/authorization-server/auth-code-grant/).
If the client is a web application that has runs entirely on the front end (e.g. a single page web application) you should implement the [password grant](/authorization-server/resource-owner-password-credentials-grant/) for a first party clients and the [implicit grant](/authorization-server/implicit-grant/) for a third party clients. If the client is a web application that has runs entirely on the front end (e.g. a single page web application) you should implement the [implicit grant](/authorization-server/implicit-grant/).
If the client is a native application such as a mobile app you should implement the [password grant](/authorization-server/resource-owner-password-credentials-grant/). If the client is a native application such as a mobile app you should implement the [password grant](/authorization-server/resource-owner-password-credentials-grant/).