I just commented on your comment in the issue tracker but I’ll repeat it for the list here: There's no implicit grant for RPTs -- there's only the ticket grant. For a browser based client to do UMA 2.0, it's akin to using the authz code flow inside a browser, which is doable (if you allow CORS on your token endpoint, and maybe a couple other things). I do not believe that it's a good idea to develop an implicit-style grant analogue. — Justin

On Apr 30, 2017, at 2:21 PM, Mike Schwartz <mike@gluu.org> wrote:

In UMA Grant, any thoughts about including considerations for browser based clients with regard to RPT, PCT and refresh tokens?

- Mike _______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma