What are the differences?
The main differences between the server-side workflow and the client-side workflow can be summarized in this table:
| | Simplicity | Security | Access duration |
|---|---|---|---|
| Server-side flow (authorization code grant flow) | More complex: To facilitate the secure storage and transmission of confidential data, a backend server and data store must be maintained. | More secure: The server-side flow never exposes the key to the browser, so the key has a significantly smaller chance of being leaked. | Long-term: Because an application using the authorization code grant flow is trusted to store confidential information, it can store properties needed for long-term, even offline, access. |
| Client-side flow (implicit grant flow) | Less complex ... |