In some OAuth setups, the external application communicates with a third-party system, which may require authentication through OAuth. The external application is solely responsible for this authentication process; the Web Client plays no role.
- The external application uses an OIDC-approved library to obtain the authentication token. The library handles much of the process and must be configured to connect to the third-party application.
- The external application credentials used to acquire the token must be obtained from the third party before writing code.
- The external application must use a pop-up mode for authentication because it is hosted in an iframe.
- When the external application has been authenticated and receives an authentication token, the token is used on all subsequent calls to the RESTful APIs.
- This setup scenario applies when each user needs to use their own credentials to access a third-party API.
- Where the third party is set up to use an active directory for authentication, the same setup is required, but there is no login screen.
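
The following sketch is an added example, not code from the product or from any OIDC library. It shows the checks a pop-up sign-in relies on when the caller sits in an iframe: a per-request `state` value, validation of the message the pop-up sends back, and the bearer header used on later REST calls. All URLs, the client ID, the callback page and the function names are hypothetical, and the authorization code flow is assumed.

```javascript
// Hypothetical values: replace with the settings issued by the third party.
const cfg = {
  authorizeUrl: "https://idp.example/authorize",
  clientId: "example-client-id",
  redirectUri: "https://app.example/popup-callback.html",
  scope: "openid",
};

// Build the authorization request that the pop-up window loads.
function buildAuthUrl(c, state) {
  const u = new URL(c.authorizeUrl);
  u.search = new URLSearchParams({
    response_type: "code", client_id: c.clientId,
    redirect_uri: c.redirectUri, scope: c.scope, state,
  }).toString();
  return u.toString();
}

// Validate the message the pop-up callback page posts back to the iframe.
// Returns the authorization code, or null if the message must be ignored.
function acceptCallback(event, expected) {
  if (event.origin !== expected.origin) return null; // wrong sender origin
  if (event.source !== expected.popup) return null;  // not the window we opened
  const d = event.data;
  if (!d || typeof d.code !== "string" || d.state !== expected.state) return null;
  return d.code;
}

// Headers for every later REST call once the token has been obtained.
function apiHeaders(token) {
  return { Authorization: `Bearer ${token}`, Accept: "application/json" };
}

// Browser-only wiring; call from a click handler so the pop-up is not blocked.
function signIn(onCode) {
  const state = Array.from(crypto.getRandomValues(new Uint8Array(16)),
    (b) => b.toString(16).padStart(2, "0")).join("");
  const popup = window.open(buildAuthUrl(cfg, state), "oauth", "width=500,height=650");
  const expected = { origin: new URL(cfg.redirectUri).origin, popup, state };
  window.addEventListener("message", function handler(ev) {
    const code = acceptCallback(ev, expected);
    if (code === null) return; // ignore unrelated or forged messages
    window.removeEventListener("message", handler);
    popup.close();
    onCode(code); // the code-for-token exchange is left to the OIDC library
  });
}
```

In practice the OIDC library performs these steps itself; the sketch makes visible what to confirm in its configuration, namely the exact redirect origin and the `state` check.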