LATEST VERSION: 1.9 - RELEASE NOTES
Single Sign-On v1.9

Determining SSO Application Type

This topic explains how to determine your SSO Application type.

Determine Your SSO Application Type

Before you bind or register an app, you must determine its SSO application type and the corresponding OAuth grant type. OAuth grant types determine how the app communicates with SSO to acquire tokens for authentication and authorization purposes.

If your app authenticates end users, its application type is Web App, Native App, or Single-Page JavaScript App. If the app does not authenticate end users, but rather accesses other services or APIs on its own behalf, then its type is Service-to-Service App.

See the table below to determine your app’s SSO Application Type and OAuth Grant Type:

Application Type SSO Application Type OAuth Grant Type
Web Web App authorization code
Native Mobile, Desktop, or Command Line Native App password (the resource owner’s password)
Single-Page JavaScript Single-Page JavaScript App implicit
Service-to-Service Service-to-Service App client_credentials
Resource Server Secured API, Database Server n/a

The Single Sign-On Service Sample Applications GitHub repository provides examples for a few application types listed above.

Note: The Native App application type is intended only for highly-trusted apps, such as company-owned and managed apps. The Native App application type works only with back-channel protocols, such as internal UAA store or LDAP. It does not work with front-channel protocols, such as SAML.

Create a pull request or raise an issue on the source for this page in GitHub