Entra ID
app types
SPA
can use either
authorization code flow (with PKCE)
Implicit flow
Public client
always signs in users
desktop apps
calling an API on behalf of the signed-in user
mobile apps
apps running on devices that don't have any browser
Confidential client
web app that calls a web API
use authorization code flow
store the token in cache
web API that calls a web API
daemon apps
console service
web app that signs in a user
authentication
OIDC
Roles
Client
the application requesting a protected resource
can be
web app running on a server
single page web app running in user's browser
a web API calling another API
Resource owner
the end user
Authorization server
aka Identity provider
securely handles user info
issues tokens to access a resource (authorization)
after the user has signed in (authentication)
Resource server
hosts resources
it's a web API fronting a data store
relies on the authorization server for authentication
uses info in the bearer token issued by the authorization server to grant or deny access to resources
SAML
Authorization
OAuth
MSAL library