docs: add text about implicit grant

adieuadieu · adieuadieu · commit 5fbb4871384c · 2018-02-14T15:17:01.000+01:00
diff --git a/docs/api/oauth2-server.rst b/docs/api/oauth2-server.rst
@@ -128,25 +128,27 @@ Authorizes a token request.
 
 **Arguments:**
 
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| Name                                    | Type            | Description                                                                 |
-+=========================================+=================+=============================================================================+
-| request                                 | :doc:`request`  | Request object.                                                             |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [request.query.allowed=undefined]       | String          | ``'false'`` to deny the authorization request (see remarks section).        |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| response                                | :doc:`response` | Response object.                                                            |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options={}]                            | Object          | Handler options.                                                            |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options.authenticateHandler=undefined] | Object          | The authenticate handler (see remarks section).                             |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options.allowEmptyState=false]         | Boolean         | Allow clients to specify an empty ``state``.                                |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options.authorizationCodeLifetime=300] | Number          | Lifetime of generated authorization codes in seconds (default = 5 minutes). |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [callback=undefined]                    | Function        | Node-style callback to be used instead of the returned ``Promise``.         |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| Name                                    | Type            | Description                                                                    |
++=========================================+=================+================================================================================+
+| request                                 | :doc:`request`  | Request object.                                                                |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [request.query.allowed=undefined]       | String          | ``'false'`` to deny the authorization request (see remarks section).           |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| response                                | :doc:`response` | Response object.                                                               |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options={}]                            | Object          | Handler options.                                                               |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.authenticateHandler=undefined] | Object          | The authenticate handler (see remarks section).                                |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.allowEmptyState=false]         | Boolean         | Allow clients to specify an empty ``state``.                                   |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.authorizationCodeLifetime=300] | Number          | Lifetime of generated authorization codes in seconds (default = 5 minutes).    |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.accessTokenLifetime=3600]      | Number          | Lifetime of generated implicit grant access token in seconds (default = 1 hr). |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [callback=undefined]                    | Function        | Node-style callback to be used instead of the returned ``Promise``.            |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
 
 **Return value:**
 
diff --git a/docs/model/overview.rst b/docs/model/overview.rst
@@ -58,6 +58,23 @@ Model functions used by the client credentials grant:
 - :ref:`Model#getUserFromClient`
 - :ref:`Model#saveToken`
 - :ref:`Model#validateScope`
+--------
+
+.. _ImplicitGrant:
+
+Implicit Grant
+------------------------
+
+See :rfc:`Section 4.2 of RFC 6749 <6749#section-4.2>`.
+
+An implicit grant is used to obtain access tokens optimised for public clients known to operate a particular redirection URI. Usually used for browser-based clients implemented in JavaScript.
+
+Model functions used by the implicit grant:
+
+- :ref:`Model#generateAccessToken`
+- :ref:`Model#getClient`
+- :ref:`Model#saveToken`
+- :ref:`Model#validateScope`
 
 --------
 
diff --git a/docs/model/spec.rst b/docs/model/spec.rst
@@ -399,6 +399,7 @@ This model function is **required** for all grant types.
 
 - ``authorization_code`` grant
 - ``client_credentials`` grant
+- ``implicit`` grant
 - ``refresh_token`` grant
 - ``password`` grant
 
@@ -553,6 +554,7 @@ This model function is **required** for all grant types.
 
 - ``authorization_code`` grant
 - ``client_credentials`` grant
+- ``implicit`` grant
 - ``refresh_token`` grant
 - ``password`` grant
 
@@ -865,6 +867,7 @@ This model function is **optional**. If not implemented, any scope is accepted.
 
 - ``authorization_code`` grant
 - ``client_credentials`` grant
+- ``implicit`` grant
 - ``password`` grant
 
 **Arguments:**
