I’m creating an application that will have an SPA for the front end that will call APIs in the back end and for this use case I want to authenticate users with the Authorization Code grant type. The back end will also expose a few APIs designed for machine to machine integration and I’d like to use the Client Credentials grant type for this use case. Is using the “Web Application” application type ok for this job? I know I can use both of the grant types I need with this application type and I assume for the SPA app I just wouldn’t store/pass the client secret in the Authorization Code flow? Are there any problems with this approach or am I best hosting the APIs for machine to machine integration in another app entirely? Are there any pros/cons to either approach?
Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!
Do you still require further assistance from us?