This repository has been archived by the owner on Jun 30, 2023. It is now read-only.

Confidential client applications flows

Jean-Marc Prieur edited this page Feb 13, 2018 · 4 revisions

Confidential client applications are applications capable of storing a secret. These are typically Web Apps, Web APIs (because their binary is not accessible to end users), and daemon applications such as Windows services.

In addition to acquiring cached tokens, confidential client applications have specific flows to acquire tokens:

  • Acquire a token for the application itself (client credentials), not for a user. This is used by synchronization tools or tools which process users in general rather than a particular user.
  • For Web Apps or Web APIs calling another Web API in the name of the user, use the On-Behalf-Of flow (still identifying the application itself with client credentials) to acquire a token based on a user assertion (a SAML assertion, for instance, or a JWT). This is used by applications which need to access the resources of a particular user.
  • For Web Apps, acquire tokens by authorization code after letting the user sign in through the authorization request URL. This is typically the mechanism used by an OpenID Connect application, which lets the user sign in with OpenID Connect and then wants to access Web APIs for that particular user.
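The three flows above, side by side, as an added example that is not part of this wiki page or of the MSAL.NET repository. It assumes the current MSAL.NET builder API (`ConfidentialClientApplicationBuilder`, `AcquireTokenForClient`, `AcquireTokenOnBehalfOf`, `AcquireTokenByAuthorizationCode`) rather than the API current when the page was written; tenant, client id, secret, redirect URI and scopes are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example (not from the MSAL.NET wiki): the three confidential client flows
// described above, written against the MSAL.NET builder API (assumption).
public static class ConfidentialFlows
{
    private const string TenantId = "<tenant-id>";   // placeholder
    private const string ClientId = "<client-id>";   // placeholder
    private const string ClientSecret = "<secret>";  // placeholder: load from a secret store, never hard-code

    // One application object per process: it owns the app and user token caches.
    private static readonly IConfidentialClientApplication App =
        ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri("https://localhost:5001/signin-oidc") // placeholder, used by the auth-code flow
            .Build();

    // 1. Client credentials: a token for the app itself (daemon / sync tool), no user involved.
    //    Scopes for this flow take the "<resource app ID URI>/.default" form.
    public static Task<AuthenticationResult> ForAppAsync(string resourceAppIdUri) =>
        App.AcquireTokenForClient(new[] { resourceAppIdUri + "/.default" }).ExecuteAsync();

    // 2. On-Behalf-Of: a Web API exchanges the caller's access token (the user assertion)
    //    for a token to a downstream API, still authenticating itself with the client secret.
    public static Task<AuthenticationResult> OnBehalfOfAsync(string incomingJwt, string[] downstreamScopes) =>
        App.AcquireTokenOnBehalfOf(downstreamScopes, new UserAssertion(incomingJwt)).ExecuteAsync();

    // 3. Authorization code: a Web App redeems the code delivered to its redirect URI
    //    after the user signed in through the authorization request URL.
    public static Task<AuthenticationResult> ByAuthorizationCodeAsync(string code, string[] scopes) =>
        App.AcquireTokenByAuthorizationCode(scopes, code).ExecuteAsync();

    // Later calls for the same account go through the cache: AcquireTokenSilent returns a
    // cached or refreshed token, and throws MsalUiRequiredException when a new sign-in is needed.
    public static async Task<AuthenticationResult> SilentAsync(string[] scopes, IAccount account)
    {
        try
        {
            return await App.AcquireTokenSilent(scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            return null; // caller must send the user through the authorization request URL again
        }
    }
}
```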