Skip to main content

Implicit Flow

Disclaimer: The use of Implicit flow is not recommended as it exposes a security risk. The token is exposed in the callback URL and then stored in the browsers sessionStorage.

It is highly recommended to instead use Authorization Code Flow (AZN) on the back-end and for your front-end application to interact with the back-end via HTTP requests.

With the SDK Implicit flow is handled purely client-side. Examples are single page sites and hybrid mobile apps. To learn how to use the SDK with Implicit flow please refer to the following getting started guides Vanilla Javascript and React

  1. Client prepares an authentication request which contains the required request parameters.
  2. Client sends the request to Security Verify authorization server.
  3. Security Verify authorization server authenticates the user.
  4. The Security Verify authorization server sends the user back to the client with a Token.
  5. The Token is then stored in the browsers sessionStorage