Which authentication flow to use for desktop application

  • Question

  • Hi Team,

    We have an application which is an archiving system, and the source for this is Exchange Online. We connect to the Exchange server to communicate and access mails which need to be archived in our system. Currently we are using basic authentication to authenticate the users in our application. Since basic authentication is going out of support, we are working on migration from basic authentication to OAuth. Considering this, we now see that there are several authentication flows provided by MSAL, out of which the shortlisted approaches are
    1) Authorization code flow
    2) Client credentials flow

    In order to confirm on these we wanted some clarity on these approaches:
    1) Pros and cons of Authorization code flow v/s Client Credentials flow
    2) Additionally, we have one query on permission types. If we use Authorization code flow we were dealing with delegated permissions, and when we use Client credentials flow we had to use application permission. We wanted to know if there is a major difference in the permission types.
    3) It's mentioned that client credentials only works with web client; currently in our desktop application, we were able to use this flow and access the web API. Can we continue using this flow? In the long run, will there be any bottleneck?

    Monday, May 25, 2020 1:51 PM


All replies