Embedded login is wrong and obsolete?

I feel a bit overwhelmed and confused. Are embedded logins becoming obsolete? For any app that allows me to login from within the app using a username and password, should I now start viewing those apps as unsecure and look forward to them migrating to using the browser-based redirect flow - regardless of what service they use to handle authentication and authorization?

Hi @milotis,

Generally, we recommend a centralized login service. Embedded isn’t necessarily obsolete, but it does carry some added risks and you should be aware of them if you are planning on that route.

It’s generally argued as a trade-off of UX vs. security, although there is a strong argument for centralized login providing a consistent experience that users expect and trust as it’s become more standard.

There is a considerable amount of info about this topic in our docs. This page is a great place to start:

I’d be happy to address specific questions if you have them.