Attention all BB2.0 Applications & SBX Users,
Important News
The "Implicit Grant" flow is now discouraged by OAuth 2.0 best practices and is being deprecated in the OAUTH 2.1 specifications. The Blue Button 2.0 team will be requiring Apps and Sandbox users currently using the “Implicit Grant” flow to discontinue using this spec as we move toward deprecating it.
We are requesting Applications and Sandbox users using the "Implicit Grant" flow to update their apps, and we ask that no new sandbox users utilize the "Implicit Grant" flow in new development. This will mean that your applications will need to be updated to utilize the "Authorization Code Grant" flow. The information on how that can be accomplished can be found here.
Although not currently required, it is recommended to utilize the OAuth 2.0 PKCE (Proof-Key for Code Exchange) extension for improved security in the authorization flow. We plan to cutoff access utilizing the "Implicit Grant" method by June 30, 2021.
If you have any questions or concerns with this timeline or next steps, please reach out via the Google Group.
As always, we welcome your feedback.
Regards,
The Blue Button 2.0 Team