The Implicit grant flow docs contain the following warning:
Warning
Microsoft recommends you do not use the implicit grant flow. In most scenarios, more secure alternatives are available and recommended. Certain configurations of this flow requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows aren't viable. For more information, see the security concerns with implicit grant flow.
As this repo is mentioned in some docs, it is critical that this usage gets reviewed. In line with SFI, this does not show secure by design and demonstrates poor defaults.
There is an old Q about this (#563) but it'd be great for this to be reviewed in light of the latest good practices and technology available.
The Implicit grant flow docs contain the following warning:
As this repo is mentioned in some docs, it is critical that this usage gets reviewed. In line with SFI, this does not show secure by design and demonstrates poor defaults.
There is an old Q about this (#563) but it'd be great for this to be reviewed in light of the latest good practices and technology available.