From 86536649e2e07f672a08d3d5998441b3f2660204 Mon Sep 17 00:00:00 2001 From: Leevi Graham Date: Tue, 11 Nov 2014 20:50:43 +1100 Subject: [PATCH] Update auth-server-which-grant.md --- auth-server-which-grant.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/auth-server-which-grant.md b/auth-server-which-grant.md index 0d138654..75abf0d4 100755 --- a/auth-server-which-grant.md +++ b/auth-server-which-grant.md @@ -61,6 +61,8 @@ If you have a mobile application that is for your own service (such as the offic ## Implicit grant ([section 4.2](http://tools.ietf.org/html/rfc6749#section-4.2)) +**Not currently supported. [See #249](https://github.com/thephpleague/oauth2-server/issues/249)** + The implicit grant is similar to the authentication code grant described above. The user will be redirected in a browser to the IdP authorisation server, sign in, authorise the request but instead of being returned to the client with an authentication code they are redirected with an access token straight away. The purpose of the implicit grant is for use by clients which are not capable of keeping the client’s own credentials secret; for example a JavaScript only application.