You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|[Authorization code](#authorization-code)| User sign-in and access to web APIs on behalf of the user. |* [Desktop](scenario-desktop-overview.md) <br /> * [Mobile](scenario-mobile-overview.md) <br /> * [Single-page app (SPA)](scenario-spa-overview.md) (requires PKCE) <br /> *[Web](scenario-web-app-call-api-overview.md)|
25
+
|[Authorization code](#authorization-code)| User sign-in and access to web APIs on behalf of the user. |[Desktop](scenario-desktop-overview.md) <br /> [Mobile](scenario-mobile-overview.md) <br /> [Single-page app (SPA)](scenario-spa-overview.md) (requires PKCE) <br /> [Web](scenario-web-app-call-api-overview.md)|
26
26
|[Client credentials](#client-credentials)| Access to web APIs by using the identity of the application itself. Typically used for server-to-server communication and automated scripts requiring no user interaction. |[Daemon](scenario-daemon-overview.md)|
27
27
|[Device code](#device-code)| User sign-in and access to web APIs on behalf of the user on input-constrained devices like smart TVs and IoT devices. Also used by command line interface (CLI) applications. |[Desktop, Mobile](scenario-desktop-acquire-token-device-code-flow.md)|
28
28
|[Implicit grant](#implicit-grant)| User sign-in and access to web APIs on behalf of the user. _The implicit grant flow is no longer recommended - use authorization code with PKCE instead._| * [Single-page app (SPA)](scenario-spa-overview.md) <br /> * [Web](scenario-web-app-call-api-overview.md)|
@@ -62,7 +62,7 @@ When users sign in to web applications, the application receives an authorizatio
62
62
63
63
In the following diagram, the application:
64
64
65
-
1. Requests an authorization code which redeemed for an access token.
65
+
1. Requests an authorization code which was redeemed for an access token.
66
66
2. Uses the access token to call a web API, Microsoft Graph.
67
67
68
68
@@ -71,7 +71,7 @@ In the following diagram, the application:
71
71
72
72
- Single-page applications require *Proof Key for Code Exchange* (PKCE) when using the authorization code grant flow. PKCE is supported by MSAL.
73
73
74
-
- The OAuth 2.0 specification requires you use an authorization code to redeem an access token only _once_.
74
+
- The OAuth 2.0 specification requires you to use an authorization code to redeem an access token only _once_.
75
75
76
76
If you attempt to acquire access token multiple times with the same authorization code, an error similar to the following is returned by the Microsoft identity platform. Some libraries and frameworks request the authorization code for you automatically, and requesting a code manually in such cases will also result in this error.
77
77
@@ -85,13 +85,13 @@ The client credentials grant flow permits a web service (a confidential client)
85
85
86
86
### Application secrets
87
87
88
-
89
-
90
-
In the preceding diagram, the application:
88
+
In the following diagram, the application:
91
89
92
90
1. Acquires a token by using application secret or password credentials.
93
91
2. Uses the token to make requests of the resource.
94
92
93
+
0 commit comments