Understanding and implementing OAuth2 authentication in Azure AD
The Microsoft identity platform supports industry-standard protocols such as OAuth 2.0 and OpenID Connect, as well as open source libraries for different platforms. Azure Active Directory (Azure AD) uses OAuth 2.0 to allow you to authorize access to resources in your Azure AD tenant. OpenID Connect is then used in your custom applications as middleware to communicate with the OAuth 2.0 framework.
There are two primary use cases in the Microsoft identity platform programming model:
- During an OAuth 2.0 authorization grant flow: During this flow, a resource owner grants authorization to the client application. This will allow the client to access the resources from the resource owner.
- During resource access by the client: During this flow, the claim values present in the access token are used as a basis for making access control decisions. This is implemented by the resource server.
The OAuth 2.0 authorization...