I am looking for best approach to implement the Open Id Authorization Code flow in Angular JS. Have got examples on Implicit flow to get the temporary tokens: id_token and access_token, but i need to get the long-lived token : refresh token. Looks like I need to go for authorization code flow, where i would get the "code" based on the user credentials, and thereby using that "code" would get the refresh_token.
Ours is Angular/ Web API project(not using MVC). Is it recommended to use authorization code flow at client side? if so, what is the best approach/ best library that we can achieve this use case?
keep in mind that the implicit flow is the recommended one for SPA application like angular, because it's better to send and access_token with a short lifetime rather than sending a a long lifetime token that can be used easily to generate access_tokens. but if you insist you can use the Hybrid flow, authorization code flow is more for server to server communication :