Why you should stop using the OAuth implicit grant!

Torsten Lodderstedt
Nov 9, 2018

No one should use the implicit grant any longer! That’s what the IETF’s OAuth working group, the authority for official OAuth specifications, recommends in the upcoming OAuth 2.0 Security Best Current Practice RFC. The decision was made during the IETF meeting this week in Bangkok.

Here is what the working group document says:

The implicit grant (response…