Protecting Your APIs with OAuth

  • Published 20 Oct 2024

COMMENTS • 9

  • @chrise202 4 years ago +1

    Hi Aaron, you've mentioned in various videos about SPAs and JS/Angular apps hosted on CDNs that they should use Auth Code + PKCE. But there's no "back channel" for SPAs. Does this mean the front channel will be used? Apart from getting the token by a POST rather than fragment or query string, are there any other advantages in Auth Code over Implicit?

  • @harrylyod3402 2 years ago

    Loved it, thanks for the explanation.

  • @patrickm9953 4 years ago +1

    My cats love OAuth 2.0!

  • @codingexpedition4625 4 years ago

    I have a hard time separating idToken and accessToken, can you help me with the following:
    The token shown in the video at ua-cam.com/video/8c1SOuO4mPc/v-deo.html includes both a userId and access scopes.
    Am I right to say that a token which includes both the userId and access scopes is an "idToken"?
    ('Cause pure OAuth access_tokens only include scopes but no user info)

    • @beatagozdziaszek8157 4 years ago

      Access tokens authorize access to some server resources. They are not intended to carry information about the user. They simply allow access to certain defined server resources.
      An ID token contains information about a user and their authentication status. It can be used by your client both for authentication and as a store of information about that user.

  • @codedynamics1 3 years ago

    Thanks Aaron, I've subbed ;)

  • @samanthaferguson6018 3 years ago

    01:59 spec like legal contract

  • @domaincontroller 4 years ago

    01:59 spec like legal contract