What are the differences between OAuth2 methods for a Connected System?

Certified Senior Developer

Hi,

We are going to use OAuth2 for a customer, and reading the Appian doc, I can see this:

- "OAuth 2.0: Client Credentials Grant": is used when access is being requested on behalf of an application,

- "OAuth 2.0: Authorization Code Grant": is used when access is being requested on behalf of a user,

- "OAuth 2.0: SAML Assertion flow": used with SAML...

Could you explain to me the main differences between each of them, please? (possibly with examples)

Regards

    Certified Senior Developer
    in reply to cedric01

    Stefan, I've got some additional information.

    We have the following situation:
    Today, our customer's Appian application is using ESB APIs (I don't know which ones).
    But they need to migrate their old ESB to Synapse (API solution).
    The migration will need actions at the Appian level, where the endpoints must be updated to the Synapse ones.
    At the same time, as Synapse is a SaaS solution outside of their network, they would need to use OAuth2.

    So if I have understood your explanations correctly, we can only choose between the "Code Grant" and "Credential Grant" solutions, and forget the "SAML" one? (as they need to make API calls from Appian).

    Maybe the "Credential Grant" one would be the best solution, using a service user account?
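
The two grants weighed in this thread, shown as the HTTP requests defined in RFC 6749 (an added example, not part of the original posts and not Appian's code). The endpoints, client ID, secret and scope are constructed placeholders, and the SAML Assertion flow is not covered.

```python
import base64
import secrets
from urllib.parse import urlencode

# Constructed placeholder endpoints (assumptions, not from the thread).
AUTHORIZE_URL = "https://idp.example.com/oauth2/authorize"
TOKEN_URL = "https://idp.example.com/oauth2/token"
FORM = "application/x-www-form-urlencoded"


def _token_post(client_id, client_secret, form):
    """Back-channel POST to the token endpoint, client authenticated via HTTP Basic."""
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"method": "POST", "url": TOKEN_URL,
            "headers": {"Authorization": f"Basic {cred}", "Content-Type": FORM},
            "body": urlencode(form)}


def client_credentials_request(client_id, client_secret, scope):
    """RFC 6749 section 4.4: the application itself is the principal.
    One server-to-server call, no browser and no end user."""
    return _token_post(client_id, client_secret,
                       {"grant_type": "client_credentials", "scope": scope})


def authorization_code_redirect(client_id, redirect_uri, scope):
    """RFC 6749 section 4.1, step 1: send the user's browser to the
    authorization server. `state` binds the later callback to this session."""
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def authorization_code_exchange(client_id, client_secret, code, redirect_uri,
                                returned_state, expected_state):
    """Step 2: verify `state` from the callback, then swap the one-time code
    for a token that represents the user who logged in."""
    if not secrets.compare_digest(returned_state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this session")
    return _token_post(client_id, client_secret,
                       {"grant_type": "authorization_code", "code": code,
                        "redirect_uri": redirect_uri})
```

The client credentials request needs only a stored client ID and secret, while the authorization code grant cannot complete without an interactive browser login and a callback whose `state` matches.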
