Different Flows

link - learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows 

Authorization Code Flow with PKCE

Communication is server-to-server between your add-in's web application and the online service.
So, it is implemented with server-side code.

link - learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow 

On Behalf Of Flow

Serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API.
The idea is to propagate the delegated user identity and permissions through the request chain.

link - learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow 

Implicit Code Flow

Also known as Grant Flow or Client-Side Flow. Communication between the add-in and the online service is implemented with client-side JavaScript.
This flow is commonly used in single-page applications (SPAs).

link - learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow 

Other Links

link - auth0.com/docs/get-started/authentication-and-authorization-flow 

© 2023 Better Solutions Limited. All Rights Reserved. © 2023 Better Solutions Limited TopPrevNext