Azure AD OAuth Authorization Flows
This post is not an original post from me, but it covers an important concept I wanted to have on my blog. It was taken from one of the Microsoft documentation pages.
Office 365 uses Azure Active Directory (Azure AD) to secure its APIs, which are accessed through Microsoft Graph. Azure AD uses OAuth as the authorization protocol.
When an application completes the OAuth authorization flow, it gets a temporary access token. The token provides access to specific resources on behalf of the user by using permissions granted to the application by that user.
There are different types of OAuth flows depending on the kind of application.
Web applications use an OAuth flow in which Azure AD, after the user signs in and consents, redirects the browser back to a redirect URI that was registered for the application when it was created in Azure AD. Azure AD only delivers the authorization code to a registered redirect URI, so the redirect is an additional security measure: someone who merely knows the application's client ID cannot receive the code at a URL of their choosing. The application then redeems the code for an access token over a direct server-to-server call.
Web applications run on a server and are confidential clients: they identify themselves with a publicly known client ID plus a client secret (or certificate) that is known only to Azure AD and the application, and the secret is presented when the code is redeemed. Client applications, such as Android and iOS apps, run on the user's device and are public clients. They cannot protect a client secret, because anything embedded in the installed app can be extracted, so they complete the flow with a client ID only and use a device-local redirect (a custom URI scheme or the loopback address) instead of a server-hosted URL. The redirect therefore does not prove the authenticity of a native app the way it does for a web app, and an access token obtained by a public client should be treated as having come from the user's device rather than from a trusted server.
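As an added example (not part of the original post or of Microsoft's documentation), the following Python model runs both flows against a toy authorization server to show what the registered-redirect check and the client secret actually buy, and where a native app differs. It goes beyond the post in one respect: the public client proves possession of the authorization code with PKCE (RFC 7636), which is how a native app redeems a code without holding a secret. The client IDs, redirect URIs, secret, scope and user are all constructed values, and the server is a stand-in for Azure AD, not its real endpoints.

```python
from __future__ import annotations

import base64
import hashlib
import secrets
from dataclasses import dataclass


def b64url_sha256(value: str) -> str:
    """PKCE S256 transform: base64url(SHA-256(value)) without padding."""
    digest = hashlib.sha256(value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


@dataclass(frozen=True)
class ClientRegistration:
    client_id: str
    redirect_uris: frozenset       # exact-match allow-list fixed at app registration
    confidential: bool             # True: server-side web app; False: native/mobile app
    client_secret: str | None = None  # only confidential clients get one


class AuthorizationServer:
    """Toy stand-in for Azure AD: app registration plus /authorize and /token checks."""

    def __init__(self) -> None:
        self.clients: dict[str, ClientRegistration] = {}
        self.codes: dict[str, dict] = {}  # issued code -> what it was issued for

    def register(self, reg: ClientRegistration) -> None:
        if reg.confidential != (reg.client_secret is not None):
            raise ValueError("confidential clients have a secret; public clients must not")
        self.clients[reg.client_id] = reg

    def authorize(self, client_id, redirect_uri, scope, user, code_challenge=None) -> str:
        """Front channel: user signs in and consents; returns the code that would be
        delivered to redirect_uri by a 302 in the user's browser."""
        reg = self.clients.get(client_id)
        if reg is None:
            raise PermissionError("unknown client_id")
        if redirect_uri not in reg.redirect_uris:   # this is what the redirect check buys
            raise PermissionError("redirect_uri not registered for this client")
        if not reg.confidential and code_challenge is None:
            raise PermissionError("public client must send a PKCE code_challenge")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "user": user, "code_challenge": code_challenge}
        return code

    def token(self, client_id, code, redirect_uri, client_secret=None, code_verifier=None) -> dict:
        """Back channel: redeem a single-use code for a delegated access token."""
        grant = self.codes.pop(code, None)
        if grant is None or grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("invalid_grant")
        reg = self.clients[client_id]
        if reg.confidential:  # web app proves itself with the secret only it and the server know
            if not secrets.compare_digest(client_secret or "", reg.client_secret):
                raise PermissionError("invalid_client")
        elif code_verifier is None or b64url_sha256(code_verifier) != grant["code_challenge"]:
            raise PermissionError("invalid_grant: PKCE verifier mismatch")  # native app proves possession
        return {"access_token": "at-" + secrets.token_urlsafe(16), "token_type": "Bearer",
                "expires_in": 3600, "scope": grant["scope"], "sub": grant["user"]}


# Constructed registrations: one confidential web app, one public mobile app.
WEB_REDIRECT = "https://app.example.com/auth/callback"
MOBILE_REDIRECT = "msauth.example://auth"
WEB_SECRET = "web-secret-kept-server-side"
USER = "alice@contoso.example"


def build_server() -> AuthorizationServer:
    srv = AuthorizationServer()
    srv.register(ClientRegistration("web-app-client", frozenset({WEB_REDIRECT}), True, WEB_SECRET))
    srv.register(ClientRegistration("mobile-app-client", frozenset({MOBILE_REDIRECT}), False))
    return srv


def web_app_flow(srv: AuthorizationServer) -> dict:
    code = srv.authorize("web-app-client", WEB_REDIRECT, "Mail.Read", USER)
    return srv.token("web-app-client", code, WEB_REDIRECT, client_secret=WEB_SECRET)


def native_app_flow(srv: AuthorizationServer) -> dict:
    verifier = secrets.token_urlsafe(48)  # kept in app memory, never sent on the front channel
    code = srv.authorize("mobile-app-client", MOBILE_REDIRECT, "Mail.Read", USER,
                         code_challenge=b64url_sha256(verifier))
    return srv.token("mobile-app-client", code, MOBILE_REDIRECT, code_verifier=verifier)


def unregistered_redirect_rejected(srv: AuthorizationServer) -> bool:
    """Knowing the client ID alone is not enough to have a code sent to an attacker's URL."""
    try:
        srv.authorize("web-app-client", "https://evil.example/steal", "Mail.Read", USER)
    except PermissionError:
        return True
    return False


def code_replay_rejected(srv: AuthorizationServer) -> bool:
    """A code that has already been redeemed cannot be redeemed again."""
    code = srv.authorize("web-app-client", WEB_REDIRECT, "Mail.Read", USER)
    srv.token("web-app-client", code, WEB_REDIRECT, client_secret=WEB_SECRET)
    try:
        srv.token("web-app-client", code, WEB_REDIRECT, client_secret=WEB_SECRET)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    server = build_server()
    print("web app token:   ", web_app_flow(server))
    print("native app token:", native_app_flow(server))
    print("bad redirect rejected:", unregistered_redirect_rejected(server))
    print("code replay rejected: ", code_replay_rejected(server))
```

The two things worth noticing are in `token()`: the confidential client is authenticated by a secret that never leaves the server side, while the public client is never authenticated at all, only shown to be the same party that started the flow. That is why a client secret compiled into a mobile app adds nothing, and why tokens issued to public clients deserve a narrower scope than those issued to a trusted web server.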