Different Flows
link - learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows
Authorization Code Flow with PKCE
Communication is server-to-server between your add-in's web application and the online service.
So, it is implemented with server-side code.
link - learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
On Behalf Of Flow
Serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API.
The idea is to propagate the delegated user identity and permissions through the request chain.
link - learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
Implicit Code Flow
Also known as Grant Flow or Client-Side Flow. Communication between the add-in and the online service is implemented with client-side JavaScript.
This flow is commonly used in single-page applications (SPAs).
link - learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
Other Links
link - auth0.com/docs/get-started/authentication-and-authorization-flow
© 2023 Better Solutions Limited. All Rights Reserved. © 2023 Better Solutions Limited TopPrevNext