Certified Security - Specialty


Implicit Grant

I think that the video is wrong and I’m looking for confirmation.  The presenter says that you select "Application code Grant" and also "Implicit Grant", stating that "Implicit Grant gives you the JWT token".  My understanding is that both grants are part of OAuth and so don’t provide a JWT token but that using the scope "openid" is what provides the JWT, in the id-token field of the response.

I thought that Implicit is basically the same as Application Code but was created for use by mobile apps that had nowhere safe to store their secret and that this has been fixed now using the PKCE extension but it has nothing to do with the JWT.

Can anyone out there confirm?

Thanks

Mad Dash

Actually, if I’d waited a second, I’d have seen what looks like confirmation that it is a tiny error in the documents: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

0 Answers
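An added example, not part of the original post or the course material: it tells the two grants apart by where the response parameters arrive in the redirect, and reports which returned fields actually parse as JWTs. The callback URLs, token values and function names are constructed for illustration; the opaque access token is a sample choice (some authorization servers issue JWT access tokens), and the decoding skips signature verification, so it is for inspection only.

```python
import base64
import json
from urllib.parse import parse_qs, urlsplit


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str):
    """Decode a compact JWT's claims WITHOUT verifying it; None if not a JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        # Segments are unpadded base64url; restore padding before decoding.
        header, claims = (json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
                          for p in parts[:2])
    except ValueError:
        return None
    return claims if isinstance(header, dict) and isinstance(claims, dict) else None


def classify_redirect(url: str) -> dict:
    """Identify the grant from where the response parameters arrive."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    if "code" in query:
        # Code grant: only a one-time code is in the URL; tokens come later
        # from the token endpoint over a back channel.
        return {"grant": "authorization_code", "tokens_in_url": False, "jwt_fields": {}}
    if "access_token" in fragment or "id_token" in fragment:
        # Implicit grant: tokens sit in the fragment, visible to the browser.
        found = {k: jwt_claims(v) for k, v in fragment.items() if k.endswith("_token")}
        return {"grant": "implicit", "tokens_in_url": True,
                "jwt_fields": {k: c for k, c in found.items() if c is not None}}
    return {"grant": "unknown", "tokens_in_url": False, "jwt_fields": {}}


# Constructed sample data (not real tokens; the signature segment is a dummy).
ID_TOKEN = ".".join([b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
                     b64url(json.dumps({"sub": "constructed-user", "aud": "client-1"}).encode()),
                     "constructed-sig"])
BASE = "https://app.example.com/callback"
CODE_REDIRECT = BASE + "?code=constructed-code&state=s1"
IMPLICIT_PLAIN = BASE + "#access_token=opaque-constructed&token_type=Bearer"
IMPLICIT_OPENID = IMPLICIT_PLAIN + "&id_token=" + ID_TOKEN

if __name__ == "__main__":
    for url in (CODE_REDIRECT, IMPLICIT_PLAIN, IMPLICIT_OPENID):
        print(classify_redirect(url))
```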
