Edward Jiang

Hey Raul, Thanks for opening up this issue! I've started working on (and thinking a lot more about) auth in the last two months, and I'm trying to really understand...

Implicit should give the app reasonable access to the account. Some actions are still only going to be server-side. The main problem is that some OAuth providers only support the...

Doing further testing, the express-stormpath framework doesn't follow this part of the framework spec: ``` # If the request does not specify an Accept header, or the preferred accept #...

 

I'll just tag along on this issue for social login documentation: https://docs.stormpath.com/nodejs/express/latest/social_login.html#google-login states that you need to turn on the G+ API; as per testing @robertjd, @bretterer and I did...

Is there a reason you want to use postmessage, instead of the actual callback URI? It's been causing problems in Android.

Does the Express SDK use the auth code or javascript (implicit) OAuth flows? Basically our implementation of Stormpath right now means that the implicit grant type and Android SDK are...

Let me forward you an email I wrote to the customer success team about this issue.

Oh ok, I need to read the earlier thing better. I guess this is just documenting the implicit flow, but the default is still authorization code. I guess that's fine.

Hey there! The OAuth password grant on the express integration is intended on being used by mobile and/or frontend web clients. Thus you DO NOT need to authenticate with your...