How to build product around Single page APP APIs vs Native App APIs

Not applicable

HI All,

I need to expose a public API having a user context and therefore has Implicit and Auth_Code grant type implemented in the API.

As per OAuth security recommendations Single Page Apps should use Implicit grant type while Native/web apps can use Auth Code.

My questions is how can I ensure that Developers who are developing single page app use Implicit grant type whereas other developers use Auth Code grant type.

Regards,

Vivek

0 1 303
1 REPLY 1

Hi @vivek yadav,

I will recommend to create a single endpoint to support both grant types. It is really upto the app developers to choose the convenient grant type. Also i think you meant APIs being called from a browser or mobile app type user-agent or being called from a backend. You can try to check to verify the user-agent header parameter value as it will change based on calling user agent, but it will introduce some complexity in your proxy.