Just to clarify my understanding of what Torii provides for client side static apps:
-
OAuth 2.0's Implicit Grant workflow is the only OAuth workflow which works in client side static apps.
-
Torii only supports this via torii/providers/oauth2-bearer, which returns tokens not codes.
-
If 1. and 2. are true, then I suppose all client side static apps which use Torii would only use the oauth2-bearer approach. The rest of the providers in Torii, like stripe-connect etc. which are code workflow based would need server support to get an AccessToken based on the code.
Is this right?
Thanks in advance.
Aucun commentaire:
Enregistrer un commentaire