OAuth 2.0 is a delegation framework — it lets users grant apps limited access to their resources without sharing passwords. OIDC (OpenID Connect) adds identity on top: an ID Token with user profile claims. Microsoft Entra ID implements both. The Authorization Code + PKCE flow is the only recommended flow for public clients in 2026.
Authorization Code + PKCE flow — the recommended auth flow for SPAs and mobile apps.
Sign in to share your feedback and join the discussion.