Understanding the authorization code flow
Before we dive into the code, we need to cover some basics of application sign-in flows. As mentioned in the previous chapters, the Microsoft identity platform supports authentication for different types of application architectures. All these architectures are fully based on industry standards, such as OAuth 2.0 and OpenID Connect. On top of that, Microsoft has released a set of client libraries that your applications can use to authenticate identities and acquire tokens to access protected APIs. These libraries are part of the Microsoft Authentication Library (MSAL).
Important Note
OAuth 2.0, OpenID Connect, and MSAL are covered in detail in Part 2 of this book.
Multiple types of flows are supported in OAuth 2.0 and OpenID Connect, as well as the Microsoft identity platform. In Chapter 5, Securing Applications with OAuth 2.0, OpenID Connect, and MSAL, we will cover them in more detail. In this chapter, we want to cover the most used flow...