The Microsoft identity platform offers two grant types for JavaScript applications: MSAL.js (2.x) By using the Microsoft identity platform, single-page applications can sign in users and get tokens to access back-end services or web APIs. Single-page applications differ from traditional server-side web apps in terms of authentication characteristics. These applications use JavaScript or a framework like Angular, Vue, and React. Many modern web apps are built as client-side single-page applications.
The Microsoft identity platform supports authentication for these app architectures:Īpplications use the different authentication flows to sign in users and get tokens to call protected APIs. Others are available both for work or school accounts and for personal Microsoft accounts.įor more information, see Supported account types. Some flows are available only for work or school accounts. The available authentication flows differ depending on the sign-in audience.
#Identity api scope approval ui macos windows
Daemon apps, even when implemented as a console service like a Linux daemon or a Windows service.Apps running on devices that don't have a browser, like those running on IoTĬonfidential client applications: Apps in this category include:.Desktop apps that call web APIs on behalf of signed-in users.Public client applications: Apps in this category, like the following types, always sign in users: MSAL.js is the only Microsoft Authentication Library that supports single-page applications. The application often uses a framework like Angular, React, or Vue. Many modern apps have a single-page application at the front end that's primarily written in JavaScript.
Single-page applications: Also known as SPAs, these are web apps in which tokens are acquired by a JavaScript or TypeScript app running in the browser. Each is used with different libraries and objects. These applications tend to be separated into the following three categories. Security tokens can be acquired by multiple types of applications. Single-page, public client, and confidential client applications In these scenarios, applications acquire tokens on behalf of themselves with no user. Most authentication scenarios acquire tokens on behalf of signed-in users. On some platforms, Microsoft offers middleware libraries.
This article describes authentication flows and the application scenarios that they're used in. By using the authentication libraries for the Microsoft identity platform, applications authenticate identities and acquire tokens to access protected APIs. All of the architectures are based on the industry-standard protocols OAuth 2.0 and OpenID Connect. The Microsoft identity platform supports authentication for different kinds of modern application architectures.