{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-guides/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"Authenticating an app on behalf of a user","description":"Accelerate E&P application development and protect your innovation by consuming our Data and Domain APIs / Platform APIs.","lang":"en-US","meta":[{"name":"robots","content":"noindex"}],"llmstxt":{"hide":true,"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authenticating-an-app-on-behalf-of-a-user","__idx":0},"children":["Authenticating an app on behalf of a user"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"background","__idx":1},"children":["Background"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Conceptually, when a user accesses an application, the following steps are performed:"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The user signs in to the application."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The application (client application) sends an authentication request to SLB Authenticator."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["SLB Authenticator forwards the request to the user's corporate Identity Provider (IdP)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The user's IdP prompts the user to enter their credentials."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Upon successful authentication, SLB Authenticator respons with information about the signed-in user. This information is returned in the form of a ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://tools.ietf.org/html/rfc7519"},"children":["JSON Web Token (JWT)"]},". This authentication result is referred to as an ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"https://openid.net/specs/openid-connect-core-1_0.html#IDToken"},"children":["ID Token"]}," which contains standard claims about the issuer, user, and the token itself. Custom claims may also be present."," ","Refer ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/solutions/sauth/tutorial/authenticator-service#authorization-code-flow-with-pkce"},"children":["Authorization Code Flow with PKCE"]}," and ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/solutions/sauth/tutorial/authenticator-service#authorization-code-flow"},"children":["Authorization Code Flow"]}," for details about the request and response for each type of flow."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The application presents this token to call cloud APIs. A token has the same capabilities to access resources and perform actions on those resources that the owner of the token has, and it is further limited by any scopes or permissions granted to the token."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"sample-applications---authenticating-with-an-app-on-behalf-of-a-user","__idx":2},"children":["Sample applications - Authenticating with an app on behalf of a user"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/cloud-apis/create-first-app/python-webapp-sample"},"children":["Sample python application"]}," (Obtain an Access token for Confidential clients with an ACF grant)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/cloud-apis/create-first-app/angular-webapp-sample"},"children":["Sample Angular application"]}," (Obtain an Access token for Public clients using ACF with a PKCE)"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/guides/cloud-apis/create-first-app/angular-webapp-sample"},"children":["Sample C# application"]}," (Obtain an Access token for a native application client)"]}]}]},"headings":[{"value":"Authenticating an app on behalf of a user","id":"authenticating-an-app-on-behalf-of-a-user","depth":1},{"value":"Background","id":"background","depth":2},{"value":"Sample applications - Authenticating with an app on behalf of a user","id":"sample-applications---authenticating-with-an-app-on-behalf-of-a-user","depth":2}],"frontmatter":{"seo":{"title":"Authenticating an app on behalf of a user"}},"lastModified":"2025-06-04T23:12:06.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/guides/cloud-apis/create-first-app/authenticating-on-behalf-user","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}