Building applications operating in the internet environment requires understanding of options available for performing authentication and authorization. These options include, both a variety of protocols such as OAuth2 and WS-Federation, as well as tools and toolkits such as Azure AD, AD FS and ADAL.
Premier Dev Consultant Marius Rochon explores OAuth2 questions you need to ask and how the answers lead to the selection of the grant.
The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the most optimal (from the security point of view) way of obtaining access or (for OIDC) id_tokens given the circumstances of the client application.
In this post, Premier Dev Consultant Marius Rochon show us how to obtain extra access tokens using OAuth2 Extension flow (on-behalf-of flow).
The following describes an approach for getting access tokens to more than one resource, without re-displaying the sign in dialog (using the V2 Azure AD endpoint).
Here’s a quick read from Premier Developer consultant Marius Rochon’s blog. In it, Marius gives some great reasons to leverage passive authentication protocols in your applications rather than writing your own code to handle credentials.
Some time back I wrote about avoiding handling of credentials (creation/maintenance/verification of user names,