Version: v1.6

Mobile & Browser (Single-Page-App) with OAuth2

We have an excellent blog post on this topic. Read it now!

Creating a public OAuth 2.0 Client

You can create a public OAuth 2.0 Client (e.g. for the authorize code + PKCE or implicit flow) with the CLI

hydra clients create --endpoint http://ory-hydra-admin-api --token-endpoint-auth-method none

or by setting in the HTTP API JSON body when POSTing to /clients:

{
"client_id": "...",
"token_endpoint_auth_method": "none"
}

Be aware that when making requests to /oauth2/token or /oauth2/revoke with a public OAuth 2.0 Client, you cannot authenticate with the HTTP Basic Authorization but must include the client_id in the POST body:

POST /oauth2/token
...
client_id=...&
...
Last updated on by aeneasr