Part 5 of a Spring Security OAuth 2 tutorial series covering two deprecated OAuth 2.0 flows: Implicit Flow and Resource Owner Password Credentials Flow. The Implicit Flow returns access_token and id_token directly via the browser URL (front-channel), which is insecure. The Resource Owner Password Credentials Flow retrieves tokens by passing user credentials directly to the token endpoint via cURL. Both flows are demonstrated using Keycloak, and both are explicitly noted as deprecated and not recommended for new implementations. The series will next move on to building Spring Boot applications secured with Spring Security OAuth 2 and Keycloak.
Sort: