The OAuth 2.0 authorization code grant type, or auth code flow, enables a client application to obtain authorized access to protected resources like web APIs. The auth code flow requires a user-agent that supports redirection from the authorization server (the Microsoft identity platform) back to your application. For example, a web browser, desktop, or mobile application operated by a user to sign in to your app and access their data.

This article describes low-level protocol details required only when manually crafting and issuing raw HTTP requests to execute the flow, which we do not recommend. Instead, use a Microsoft-built and supported authentication library to get security tokens and call protected web APIs in your apps.

Applications that support the auth code flow

Use the auth code flow paired with Proof Key for Code Exchange (PKCE) and OpenID Connect (OIDC) to get access tokens and ID tokens in these types of apps:

Standard (server-based) web application.

The OAuth 2.0 authorization code flow is described in section 4.1 of the OAuth 2.0 specification. Apps using the OAuth 2.0 authorization code flow acquire an access_token to include in requests to resources protected by the Microsoft identity platform (typically APIs). Apps can also request new ID and access tokens for previously authenticated entities by using a refresh mechanism.

[Diagram: high-level view of the authentication flow]

Redirect URIs for single-page apps (SPAs)

Redirect URIs for SPAs that use the auth code flow require special configuration.