angularspring-securityoauth-2.0okta

Which grant_type(flow) shoud I use?


So, I have made an application that has a backend (for all the APIs) in springboot and the frontend in Angular.Now I want to add the security part to the application using oauth2.0 (okta as authorization server),i am little confused about the flow that i should follow.

So, I have made an application that has a backend (for all the APIs) in springboot and the frontend in Angular.Now I want to add the security part to the application using oauth2.0 (okta as authorization server),i am little confused about the flow that i should follow.

What should i use ? authorization_code ,implicit,credentials,password or any other if any ?

p.s- the backend is only responsible for the API and database connect , it does not render the web pages.

Thanks in advance.


Solution

  • Your choice is either authorization code with PKCE, if you want your frontend getting token(s) all alone. Or you can use authorization code where your frontend will ask your backend to exchange the code obtained from Okta through browser channel for token(s) and then share them back with your frontend.

    In the latter approach you can actually think also of maybe dropping the idea of using access tokens to protect your app API, if it's only your frontend talking to it and no other clients. Establishing a session would be sufficient in this scenario