Authentication

The goal of these tutorials is to walk you through how to implement authentication in your application.

These tutorials describe how to add security features to an application. This is implemented by using an OAuth 2.0 / OpenID Connect authentication service provider to access our services such as docs, SPA applications, ...

# Authentication service provider

# Currently supports the following authorization flows:

  • Implicit flow: This flow is designed for user-agent only apps (e.g., single page web application).

See Auth0: "Which OAuth 2.0 flow should I use?"

# Is the Client a Single Page App?

If the Client is a Single Page App, an application running in a browser using a scripting language like JavaScript, there are two grant options: the Authorization Code Grant using Proof Key for Code Exchange (PKCE) and the Implicit Grant. For most cases, we recommend using the Authorization Code Grant with PKCE.

# Implicit Grant

Implicit grants improve the responsiveness and efficiency of some clients (such as a client implemented as an in-browser application), since it reduces the number of round trips required to obtain an access token. However, this convenience should be weighed against the security implications of using implicit grants.

Security issues with the Implicit Grant: sections 10.3 and 10.16.
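A check worth running on the redirect an implicit grant produces, as an added example (not code from this tutorial or its provider): it validates the fragment response before the access token is used. It assumes the application sent a random `state` value with its authorization request; the function name, reason strings and sample URLs are hypothetical.

```javascript
// Added example: validate an Implicit Grant redirect before using the token.
// `expectedState` is the random value the app stored before redirecting
// (assumption: a `state` parameter was sent in the authorization request).
function parseImplicitCallback(callbackUrl, expectedState, nowMs = Date.now()) {
  const url = new URL(callbackUrl);
  // The implicit grant returns the token in the URL fragment. A token in the
  // query string would be sent to the server and end up in logs, so refuse it.
  if (url.searchParams.has('access_token')) {
    return { ok: false, reason: 'token_in_query' };
  }
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));
  // Check `state` first: a response that does not match the value this
  // browser session generated was not requested by this session.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  // The provider reports failures in the same fragment.
  if (params.has('error')) {
    return { ok: false, reason: 'provider_error:' + params.get('error') };
  }
  const token = params.get('access_token');
  const type = (params.get('token_type') || '').toLowerCase();
  if (!token || type !== 'bearer') {
    return { ok: false, reason: 'missing_or_unsupported_token' };
  }
  // Track expiry so the app stops using the token once it lapses.
  const ttl = Number(params.get('expires_in'));
  const expiresAt = Number.isFinite(ttl) && ttl > 0 ? nowMs + ttl * 1000 : null;
  const scope = (params.get('scope') || '').split(' ').filter(Boolean);
  return { ok: true, accessToken: token, expiresAt, scope };
}

// Constructed sample redirects (host, token and state values are placeholders).
const SAMPLE_OK = 'https://app.example/callback#access_token=tok123' +
  '&token_type=Bearer&expires_in=3600&state=xyz&scope=docs.read%20profile';
const SAMPLE_WRONG_STATE =
  'https://app.example/callback#access_token=tok999&token_type=Bearer&state=other';
const SAMPLE_ERROR = 'https://app.example/callback#error=access_denied&state=xyz';
const SAMPLE_QUERY = 'https://app.example/callback?access_token=tok123#state=xyz';

console.log(parseImplicitCallback(SAMPLE_OK, 'xyz'));
console.log(parseImplicitCallback(SAMPLE_WRONG_STATE, 'xyz'));
```

In a browser, pass `window.location.href` as `callbackUrl` and clear the fragment from the address bar once the result has been read, so the token does not stay in the visible URL or history entry.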

# References