0Pricing
Frontend Academy · Lesson

OAuth Flows from the Frontend

Implement the Authorization Code flow with PKCE in a SPA, exchange the code for tokens, store access tokens safely, and avoid implicit flow.

What Is OAuth?

OAuth 2.0 is a delegation protocol: your app gets permission to act on the user's behalf at a third-party service (Google, GitHub, etc.) without ever seeing the user's password. Used for 'Sign in with Google', GitHub OAuth apps, and most modern auth.

Key Roles

Resource Owner: the user. Client: your app. Authorization Server: the OAuth provider (Google, Auth0). Resource Server: the API protected by the access token.

All lessons in this course

  1. XSS Prevention: Output Encoding CSP
  2. CSRF: SameSite Cookies and Tokens
  3. Content Security Policy: nonce and hash
  4. OAuth Flows from the Frontend
← Back to Frontend Academy