I don't have enough detail on the exact scenario to be confident that the following sample applies, but it will at least provide a good starting point.

Collecting the user's Azure AD credentials is a bad practice to be avoided if at all possible. If you allow Azure AD to present the authentication experience via OAuth 2.0 or OpenID Connect, then you are insulated from the specific authentication method being employed. In that case, more information may be necessary to authenticate the user than you are collecting, a one-time password for instance. Also, if you have your own credential collection UI, then you may find that sign-in fails in the future if multi-factor authentication is turned on. There are serious security implications when collecting a user's credentials that are mitigated by using OAuth 2.0 or OpenID Connect to get a token without directly handling the credentials.

You should avoid handling the user's credentials.
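
As an added illustration (not the sample the post refers to, and not code from the original page), this sketch shows an application sending the user to Azure AD's OAuth 2.0 authorization endpoint with PKCE and `state`, then validating the redirect back, so the application never sees a password or one-time code. The function names are hypothetical, and the tenant, client ID and redirect URI are placeholders you would take from your own app registration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Microsoft identity platform v2.0 authorize endpoint; {tenant} is a placeholder.
AUTHORIZE_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(SHA-256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def begin_sign_in(tenant: str, client_id: str, redirect_uri: str):
    """Return (url, session): redirect the browser to url, keep session server-side."""
    session = {
        "state": secrets.token_urlsafe(32),     # binds the callback to this session
        "verifier": secrets.token_urlsafe(64),  # PKCE secret, sent only at token redemption
    }
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "openid profile",
        "state": session["state"],
        "code_challenge": pkce_challenge(session["verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL.format(tenant=tenant) + "?" + urlencode(params), session


def handle_callback(callback_url: str, session: dict) -> str:
    """Validate the redirect back from Azure AD and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("sign-in failed: " + query["error"][0])
    returned = query.get("state", [""])[0].encode("utf-8")
    if not hmac.compare_digest(returned, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]
```

The returned code is then redeemed at the token endpoint together with the stored `verifier`; whether Azure AD asked the user for a password, a one-time password or another factor is invisible to this code.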