Lab link.
Implicit Grant Type is used as OAuth Grant Type in Lab. The difference of the Implicit Grant Type is that the access token is sent immediately after the user approves. It is less reliable because all communication is routed through the browser.
After logging in with the wiener:peter gave to us in the lab, we examined the requests. We see a GET /auth request. This request defines the client application’s access permissions to the OAuth service. There are many parameters and they are all used in different definitions.
We can communicate with the user data since the access token is verified in the POST /authenticate request. We can open the session with this information.
If this data is not used for its intended purpose, we can change the parameters and log in to other user accounts without a password. We are asked to log in to “carlos@carlos-montoya.net”. We send the request to the repeater and change our parameter.