Commit a404f19

OIDC OpenID Connect / update emoji
1 parent a936a47 commit a404f19

1 file changed

Lines changed: 4 additions & 4 deletions

docs/posts/2025/2025-11-18-oidc-openid-connect.md

@@ -35,9 +35,9 @@ date:
3535

3636
| Flow | Purpose | response_type | Notes |
3737
| ----------------------------------------------------- | ----------------------------------------- | ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
38-
| Deprecated Implicit Flow | SPA, native apps, desktop, mobile | `token` or `id_token` or `code id_token`, etc. | `⚠️access_token` exposed in browser URL |
39-
| Deprecated Resource Owner Password Credentials grant | SPA, native apps, desktop, mobile | — (direct `/token`, no `/authorize`) | ⚠️User password is given to unsecure client App, but not Identity Provider |
40-
| Deprecated Authorization Code Flow without PKCE | SPA, native apps, desktop, mobile | `code` | ⚠️Without `code_verifier` from PKCE, Identity Provider cannot verify the auth code sent to `/token` is from the original client |
38+
| 🚫Deprecated Implicit Flow | SPA, native apps, desktop, mobile | `token` or `id_token` or `code id_token`, etc. | `⚠️access_token` exposed in browser URL |
39+
| 🚫Deprecated Resource Owner Password Credentials grant | SPA, native apps, desktop, mobile | — (direct `/token`, no `/authorize`) | ⚠️User password is given to unsecure client App, but not Identity Provider |
40+
| 🚫Deprecated Authorization Code Flow without PKCE | SPA, native apps, desktop, mobile | `code` | ⚠️Without `code_verifier` from PKCE, Identity Provider cannot verify the auth code sent to `/token` is from the original client |
4141
| Authorization Code Flow + PKCE (Public Client) | Interactive SPA, native apps, desktop, mobile | `code` | No `client_secret`, uses PKCE |
4242
| Authorization Code Flow + BFF (Confidential Client)<br/>mixed with Client Credentials Flow | Interactive web backends / BFF | `code` | Uses `client_secret` |
4343
| Client Credentials Flow | Non-interactive Machine-to-machine | — (direct `/token`, no `/authorize`) | No user involved |
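
Review bot: In the added Implicit Flow row (line 38) the warning emoji is still inside the code span, `⚠️access_token`, while rows 39 and 40 put ⚠️ before the text; move it outside the backticks so the token name renders as `access_token`. The new 🚫 is also attached to "Deprecated" with no space in all three rows, which is inconsistent with the unmarked rows below and harder to search for; "🚫 Deprecated ..." would read better. Since line 39 is being touched anyway, "unsecure client App, but not Identity Provider" is worth rewording so the risk (the client app handles the user's password) is stated directly.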
@@ -689,7 +689,7 @@ sequenceDiagram
689689
App2->>Browser: 302 Redirect to IdP /authorize
690690
691691
rect rgb(200, 255, 200)
692-
Note right of Browser: 🍪 BROWSER AUTOMATION<br/>The URL matches 'auth.idp.com'.<br/>Browser AUTOMATICALLY attaches the cookie<br/>✅with URL redirect or popup,<br/>(legacy hidden iframe SSO if blocked by many browsers)
692+
Note right of Browser: 🍪 BROWSER AUTOMATION<br/>The URL matches 'auth.idp.com'.<br/>Browser AUTOMATICALLY attaches the cookie<br/>✅with URL redirect or popup,<br/>(🚫legacy hidden iframe SSO if blocked by many browsers)
693693
694694
Browser->>IdP: GET /authorize<br/>Cookie: idp_session=SECRET_ID
695695
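
Review bot: On the added line 692 the parenthetical still reads "legacy hidden iframe SSO if blocked by many browsers", where "if" looks like a typo for "is"; fix it while the line is being changed, otherwise the note does not actually say that the iframe approach is blocked. The 🚫 is also attached to "legacy" with no space, and it sits inside the green `rect rgb(200, 255, 200)` block next to the ✅ item, so a space after the emoji would help separate the blocked option from the working ones.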
