TechBinaries

 As part of our needs, we are using a different kind of application. Each application has a different kind of login mechanism. Each mechanism will enhance user experience like federated login with an external provider and improve the application security like adding a verification layer as part of user login. Most of the applications are stateless and they are accessing their backend APIs using an access token. This access token should have information about the user access, minimal user information and it should expire as per the security needs. We can generate the access token in different ways using different types of grant types. ClientCredientials: This type of grant is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. Multiple application they can communicate with each other using this flow.  They will pass their client id and the secret to the IDP and get the token. Using that token they will access the pa