Conceptually, when a user accesses an application, the following steps are performed:
- The user signs in to the application.
- The application (client application) sends an authentication request to SLB Authenticator.
- SLB Authenticator forwards the request to the user's corporate Identity Provider (IdP).
- The user's IdP prompts the user to enter their credentials.
- Upon successful authentication, SLB Authenticator responds with information about the signed-in user, returned in the form of a JSON Web Token (JWT). This authentication result is referred to as an ID Token; it contains standard claims about the issuer, the user, and the token itself. Custom claims may also be present. Refer to Authorization Code Flow with PKCE and Authorization Code Flow for details about the request and response for each type of flow.
- The application presents this token to call cloud APIs. A token can access resources and perform actions on them with the same capabilities as its owner, further limited by any scopes or permissions granted to the token.
- Sample Python application (Obtain an Access token for Confidential clients with an ACF grant)
- Sample Angular application (Obtain an Access token for Public clients using ACF with PKCE)
- Sample C# application (Obtain an Access token for a native application client)