<div class="max-w-4xl mx-auto p-6 bg-white shadow-md rounded-md">
    <h2 class="text-2xl font-bold mb-4">3. Implicit Flow</h2>
    
    <div class="mb-6">
        <h3 class="text-xl font-semibold mb-2">Overview</h3>
        <p class="mb-4">
            The Implicit Flow is designed for single-page applications (SPAs) and other public clients (pure JavaScript front-end applications) that cannot securely store a client secret. In this flow, the access token is returned directly in the URL fragment of the redirect after the user authorizes the client. <strong>No authorization code is involved in this flow.</strong>
        </p>
        <img src="/images/oauth-implicit-flow.png" alt="OAuth Implicit Flow" class="mb-6 w-full h-auto rounded-md shadow-sm">
    </div>

    <div class="mb-6">
        <h3 class="text-xl font-semibold mb-2">Steps</h3>
        <ol class="list-decimal pl-6 space-y-2">
            <li>A user tries to access the application (the client).</li>
            <li>The client sends an authorization request to the authorize endpoint. (The client must inform Cloudentity of its desired grant type by using the <code>response_type</code> parameter. For the implicit grant flow type, the value of the <code>response_type</code> parameter must be <code>token</code>.)
                <pre class="bg-gray-800 text-white p-4 rounded-md">
curl --location \
--get \
--url "https://$TENANT_ID.$REGION_ID.authz.cloudentity.io/$TENANT_ID/$WORKSPACE_ID/oauth2/authorize" \
--data-urlencode "response_type=token" \
--data-urlencode "client_id=$CLIENT_ID"</pre>
            </li>
            <li>Cloudentity displays a consent screen for the user.</li>
            <li>The user gives their consent.</li>
            <li>Cloudentity returns the token embedded in the redirection URI.</li>
            <li>The client requests protected resources from the resource server and presents the token it received in the previous step.</li>
            <li>The resource server validates the token and responds with requested resources.</li>
        </ol>
    </div>
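    <div class="mb-6">
        <p class="mb-4">
            The client-side half of steps 5 and 6, as an added example that is not part of the Cloudentity documentation or SDKs. Because the token arrives in the URL fragment, nothing on the server side ever sees it; the SPA must parse the fragment itself, confirm the response belongs to a request it started, and only then present the token to the resource server. The example assumes the SPA generated a <code>state</code> value before step 2 and stored it in <code>sessionStorage</code> (a standard OAuth 2.0 parameter that is not shown in the curl command above); the fragment contents and all values in it are constructed for illustration.
        </p>

```javascript
// Added example (not part of the Cloudentity documentation): how an SPA handles the
// implicit-flow redirect. The authorization server returns the token in the URL
// fragment, e.g. https://app.example/callback#access_token=...&token_type=Bearer
// &expires_in=3600&state=...   The fragment is never sent to any server, so the
// browser-side code must parse it, check it and then remove it from the URL.
// The `state` parameter is assumed to have been generated by the SPA before the
// authorization request and kept in sessionStorage (standard OAuth 2.0 practice).

// Turn "#a=1&b=2" into { a: "1", b: "2" }.
function parseFragment(fragment) {
  const raw = fragment.startsWith('#') ? fragment.slice(1) : fragment;
  const out = {};
  for (const [key, value] of new URLSearchParams(raw)) out[key] = value;
  return out;
}

// Step 5 on the client side: accept the redirect only if it carries the state we
// issued, reports no error and contains a bearer access token; compute an
// absolute local expiry from expires_in so the SPA knows when to re-authorize.
function handleImplicitRedirect(fragment, expectedState, now = Date.now()) {
  const p = parseFragment(fragment);
  if (!expectedState || p.state !== expectedState) {
    // A response with a foreign or missing state was not initiated by us; ignore it.
    return { ok: false, reason: 'state mismatch' };
  }
  if (p.error) {
    return { ok: false, reason: `authorization error: ${p.error}` };
  }
  if (!p.access_token) {
    return { ok: false, reason: 'no access_token in fragment' };
  }
  if ((p.token_type || '').toLowerCase() !== 'bearer') {
    return { ok: false, reason: `unsupported token_type: ${p.token_type}` };
  }
  const expiresIn = Number.parseInt(p.expires_in, 10);
  return {
    ok: true,
    token: {
      accessToken: p.access_token,
      expiresAt: Number.isFinite(expiresIn) ? now + expiresIn * 1000 : null,
      scope: p.scope || '',
    },
  };
}

// Step 6: build the header the SPA attaches when calling the resource server,
// refusing to use a token that has already expired locally.
function bearerHeader(token, now = Date.now()) {
  if (token.expiresAt !== null && now >= token.expiresAt) {
    throw new Error('access token expired; restart the authorization flow');
  }
  return { Authorization: `Bearer ${token.accessToken}` };
}

// Constructed sample redirect fragment (all values are made up for this example).
const SAMPLE_FRAGMENT =
  '#access_token=eyJhbGciOi.example.sig&token_type=Bearer&expires_in=3600' +
  '&state=n0nc3-abc&scope=openid%20profile';

// In a browser, run this on the callback page:
//   const result = handleImplicitRedirect(window.location.hash, sessionStorage.getItem('oauth_state'));
//   sessionStorage.removeItem('oauth_state');            // state is single-use
//   history.replaceState(null, '', location.pathname + location.search); // drop the token from the URL
```

        <p class="mb-4">
            Two details matter for the Security section below. The <code>state</code> check ensures the SPA only accepts a token from a redirect it initiated, and clearing the fragment with <code>history.replaceState</code> immediately after parsing keeps the token out of the browser history and out of any link the user copies. The local <code>expiresAt</code> is only a hint for the client; the resource server still validates the token itself in step 7.
        </p>
    </div>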

    <div class="mb-6">
        <h3 class="text-xl font-semibold mb-2">Use Case</h3>
        <p class="mb-4">
            <strong>Single-page applications (SPAs):</strong> This flow is suitable when immediate access to the token is required, and there's no server-side component to handle the token exchange.
        </p>
    </div>

    <div>
        <h3 class="text-xl font-semibold mb-2">Security</h3>
        <ul class="list-disc pl-6 space-y-2">
            <li><strong>Moderate security:</strong> The access token is returned in the URL fragment of the redirect, which makes it susceptible to interception.</li>
        </ul>
    </div>
</div>