4

Authentication Flows

OpenID Connect (OIDC) extends the OAuth 2.0 protocol by introducing new flows, reusing some of the existing ones, and placing the user, rather than the application, at the center of those flows. In this chapter, we go through the basics of OAuth 2.0 and OIDC, learn about their flows, their similarities and differences, and where each can be used and why.

The chapter covers the following main topics:

  • The authorization code grant flow
  • The authorization code grant flow with Proof Key for Code Exchange
  • The implicit grant flow
  • The client credentials grant flow
  • The Resource Owner Password Credentials (ROPC) grant flow
  • The On-Behalf-Of (OBO) flow
  • Hybrid flows

Here’s a list of the flows and their support:

Figure 4.1 – ...
