We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

Authentication concepts

In this article

    Use the left menu to learn more about authentication details. 


    The following table is meant to assist you determine which OAuth/OpenID Connect flow is best suited for your application type.

    Authentication scenarios for various app types
    App type Native/mobile app Single-page app (SPA) Regular web app non-interactive backend / API
    User context Interactive Interactive Interactive Non-interactive
    Environment Runs on device or OS Runs in browser Runs on server Runs on server
    Flow Native app flow Implicit flow Authentication code flow, with or without PKCE SuperOffice system user flow
    Typical stack OS-specific Javascript

    .NET

    PHP

    webservice
    Windows service
    App identifiers (keys) client ID client ID client ID, client secret client ID, client secret
    Response tokens

    ID token

    access token

    (refresh token)

    ID token

    (access token)

    ID token

    access token

    (refresh token)

    system user token

    system user ticket

    This overview has been simplified for the clarity of the presentation.