Google+ pure server-side flow for login (OAuth 2)

Why is the Google+ pure server-side flow for login not recommended? There is not enough information in the details. I want to implement the pure server-side flow for my webapp, but after reading this, I'm not sure if I should go further and do this. Why suggest an option if it's not recommended?

https://developers.google.com/+/web/signin/redirect-uri-flow

+3




1 answer


markovuksanovic wrote:

"It looks like the only security benefit is that when using the one-time code flow, the browser component and the client server component each receive their own token. In a pure server-side flow, only the server receives the token stream and the web application only receives the token. from client to server and vice versa, presents the end user with a certain risk. Using the one-time code flow does not involve sending the token between the client and the server, and the risk of the token being compromised is lower."



Copied from here ...

0
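An added example (not from the original post or from Google's documentation) of the property the quoted answer is concerned with: the server redeems the authorization code itself and keeps the resulting tokens in server-side session state, so the browser only ever receives a session cookie. The endpoint, client values, the in-memory `SESSIONS` store and the `post` helper are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Placeholder values, assumed for this example (not from the page).
TOKEN_ENDPOINT = "https://auth.example/token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example/oauth2callback"

SESSIONS = {}  # server-side store: session id -> {"state", "tokens"}


def start_login():
    """Create a pre-login session and the anti-CSRF state for the auth request."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"state": secrets.token_urlsafe(32), "tokens": None}
    return sid, SESSIONS[sid]["state"]


def build_exchange_body(code):
    """Form body of the code-for-token request (RFC 6749, section 4.1.3)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })


def handle_callback(sid, returned_state, code, post):
    """Handle the provider redirect; `post(url, body)` is a hypothetical HTTP
    helper returning the parsed token response. The return value is what goes
    back to the browser, and it never contains a token."""
    session = SESSIONS.get(sid)
    if session is None or session["state"] is None:
        return {"status": 400}
    expected, session["state"] = session["state"], None  # state is single use
    if not hmac.compare_digest(expected.encode(), returned_state.encode()):
        return {"status": 403}  # mismatched state: do not redeem the code
    session["tokens"] = post(TOKEN_ENDPOINT, build_exchange_body(code))
    # Rotate the session id at login so a pre-login id cannot be reused.
    new_sid = secrets.token_urlsafe(32)
    SESSIONS[new_sid] = SESSIONS.pop(sid)
    return {"status": 302, "location": "/", "set_cookie": new_sid}
```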

