What is the significance of a user’s “authorized applications”? We have 7 applications sharing one connection, and a user will be able to sign into any of them.
When a new user creates an account on the SPA application, that application does not appear in the user’s dashboard profile until he explicitly signs into it after the “create account” flow.
Does the list of “authorized applications” have any impact on UX or our application security?
The Authorized Applications is an interface showing the list of applications the user has authorized. In other words, a list of where the user has previously authenticated and granted permissions on those applications.
The way the Authorized Application tab works is in the following way:
When a user logs in/signs up with an application for the first time, they are prompted with a consent screen.
After the user explicitly consents to the permissions being asked, the permissions get populated for that specific application.
There should not be any impact on application security or UX. However, you may have a scenario where you would like to revoke specific permissions from the user. Then you could use the revoke button.
Note that the authorized applications will allow you to append more permissions, but there is no way to remove them without using the revoke button. After revoking and once the user logins again, the authorized application will populate with the fresh set of permissions.
Hoped this helps!
Please let me know if you have any other questions.