Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

The Implicit grant type is designed for single-page JavaScript apps that do not have a backend. In the previous lesson, we discussed the Authorization Code grant flow, in which the client app used the client_secret and authorization code to get the access code.

The problem with JavaScript apps (without a backend) is that they have no way to store client secrets. Storing the client secret in the JavaScript code is not as safe, because anyone can access it. Therefore, we use the Implicit flow for these apps. In Implicit flow, the authorization server directly returns the access token instead of returning the code.

This flow type should be used only if there is no alternative option because it is not safe. The exchange of token happens at the front end and an attacker can access the token.


This lesson introduces another type of OAuth flow called Implicit grant flow.

Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Implicit Grant Type