Spring授权服务器中是否允许隐式授权流?
y1aodyip1#
我只是想让你知道隐式授权流现在对于SPA来说已经过时了。阅读这里的摘要:https://pragmaticwebsecurity.com/articles/oauthoidc/from-implicit-to-pkce.html除此之外,Sping Boot oauth2似乎支持隐式授权流,请参见:https://docs.spring.io/spring-security-oauth2-boot/docs/2.2.5.RELEASE/reference/htmlsingle/#oauth2-boot-authorization-server-disable
1条答案
按热度按时间y1aodyip1#
我只是想让你知道隐式授权流现在对于SPA来说已经过时了。阅读这里的摘要:https://pragmaticwebsecurity.com/articles/oauthoidc/from-implicit-to-pkce.html
除此之外,Sping Boot oauth2似乎支持隐式授权流,请参见:https://docs.spring.io/spring-security-oauth2-boot/docs/2.2.5.RELEASE/reference/htmlsingle/#oauth2-boot-authorization-server-disable