
The Implicit grant is similar to an authorization code, but instead of using the code as an intermediary, the access token is sent directly through browser redirect.
OAuth 2 Flow |
Sets the OAuth 2.0 method to use.
|
Client Identification |
An alphanumeric string used to identify the client.
|
Response Mode |
(For Azure only) Specifies how the authorization server sends the access token. Available options:
-
not defined - The authorization server will define which method to use.
-
form_post - The token will be sent as an HTML form by using the POST method.
-
query - The token will be added to the query as a parameter.
|
Resource |
(For Azure only) The App ID URI of the web service.
 |
Microsoft identity platform v2.0 does not support this parameter. |
|
Prompt |
(For Azure only) Specifies if the authentication server prompts the user to log in or consent even if they are logged in. Possible values:
-
not defined - The server will not prompt a user to log in.
-
login - The server asks to login again.
-
consent - The server asks user to consent.
-
admin-consent - The server asks prompts for the administrator consent.
|
Login Hint |
(For Azure only) The string displayed as a login hint in the sign-in form.
|
Domain Hint |
(For Azure only) Specifies the domain the user should use to sign in.
|
Authorization URL |
The authorization server URL.
|
Access Token URL |
The URL to get an access token from.
|
Redirect URL |
An authorized redirect URL registered for the application. In OAuth 2.0 terms, the web service redirects you to this URL after successful authentication. To learn more about a redirect URL, see the OAuth 2.0 documentation.
Tip: |
For a testing purposes you can use http://localhost:8080 . Make sure you added this address to the list of authorized redirect URL in your OAuth provider. |
|
Scope |
The full scope string defining the requested permissions.
|
Use Nonce |
Select to generate a unique string for each request. It allows the server to verify that a request has never been made before and helps prevent replay attacks.
|
State |
The value included in the request that is also added to the token response. Usually, it is used to provide a randomly generated string to prevent a cross-site request forgery attack.
|
Get Access Token |
Click this button to retrieve the access token.
|
Automation |
Click this button to open the Automated Token Profile editor.
|
See Also
Authorization Code Grant
Client Credentials Grant
Resource Owner Password Credentials Grant
OAuth 2.0 Grant Types