reading the documentation here: Nuki Developers
I can authenticate the user with the Authorization Code Flow of OAuth 2.0 Spec.
I already integrated the user authentication for the Web APIs with Implicit Code Flow (my client is a web application so is not secure to add a client secret in a static page).
After asking for the enabling of advanced api integration, is there a way to use the Implicit Code Flow to enable webhooks?
If you want to use webhooks for client devices as described in the linked document, you will need the OAuth2 flow, as the API tokens currently do not contain scopes for the webhook types.
I understand I have to user the OAuth 2.0 flow but in the RFC6749 the grant type specified are 4.
I know from here: Nuki API Doc that the supported grant types are 2:
Authorization Code
Implicit
but reading from here: Webhook API Doc seems like the only supported grant is: Authorization Code.
Am I right?
I already implemented this kind of authentication for the Nuki Web API with the Implicit Grant because we use a Web Application and is not recommended, for security reasons, to use Authorization Code on static browser pages.
From what I understand from the documentation the webhooks canβt be integrated unless Authorization Code is used?