The implicit flow is used in older web applications and SPAs, but it has been deprecated because it exposes the access token in the URL. Let's try to understand it in this thread.
Many of us have certainly come across the OAuth2 framework, or used it without knowing it.
For example, when we visit Canva, we can sign in with our Google account. In this case, Google acts as the OAuth provider.
👇 Thread
OAuth2 provides a way for web apps to get limited access to the user's account. It grants this access without sharing the password.
It functions with 3 entities that commonly use HTTP requests to communicate.
Client App - Canva
Resource owner - User
OAuth Provider - Google
As a first step, we access the Canva website, and it provides us with these two methods of logging in. At this point we are still on Canva's website. Once we click sign in, it will redirect us to the Google OAuth server, and that will be our next step.
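The sign-in redirect from this first step, and the token-in-URL exposure that got the implicit flow deprecated, as an added example (not part of the original thread). The hosts, client_id and token values are constructed; the parameter names `response_type`, `access_token` and `code` come from the OAuth2 spec (RFC 6749).

```javascript
// Added example. Hosts, client_id and token values below are constructed.
const IMPLICIT_REQUEST = "https://provider.example/authorize?client_id=example-client" +
  "&redirect_uri=https%3A%2F%2Fclient.example%2Fcallback&response_type=token&scope=profile&state=abc123";
const IMPLICIT_CALLBACK = "https://client.example/callback#access_token=CONSTRUCTED-TOKEN" +
  "&token_type=Bearer&expires_in=3600&state=abc123";
const CODE_CALLBACK = "https://client.example/callback?code=CONSTRUCTED-CODE&state=abc123";

// Classify the authorization request the client app redirects the browser to.
function classifyAuthRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  // response_type may hold several space-separated values.
  const types = (params.get("response_type") || "").split(/\s+/).filter(Boolean);
  if (types.includes("token")) return "implicit";
  if (types.includes("code")) return "authorization_code";
  return "unknown";
}

// Replace any access_token value so the URL is safe to write to a log.
function redactUrl(url) {
  const copy = new URL(url.href);
  const fragment = new URLSearchParams(copy.hash.replace(/^#/, ""));
  if (fragment.has("access_token")) {
    fragment.set("access_token", "REDACTED");
    copy.hash = fragment.toString();
  }
  if (copy.searchParams.has("access_token")) {
    copy.searchParams.set("access_token", "REDACTED");
  }
  return copy.href;
}

// Report whether a callback URL carries an access token, and in which part.
function findTokenInCallback(callbackUrl) {
  const url = new URL(callbackUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  let location = null;
  if (fragment.has("access_token")) location = "fragment";
  else if (url.searchParams.has("access_token")) location = "query";
  return { exposed: location !== null, location, redacted: redactUrl(url) };
}

console.log(classifyAuthRequest(IMPLICIT_REQUEST));
console.log(findTokenInCallback(IMPLICIT_CALLBACK));
console.log(findTokenInCallback(CODE_CALLBACK));
```

The implicit callback is flagged because the token itself sits in the URL, while the authorization code callback only carries a code that the client app still has to exchange for a token.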