Connecting to an AKS Cluster Non Interactivity — Part 2

OAuth2

  1. POST a request with your username and password to accounts.google.com to get an Authorization token.
  2. Using this token, it would then get all your Gmail contacts.
  3. It would then email each of them about MyCoolApp.
  4. It would then forget your email and password, RIGHT?

  1. You are signed in to MyCoolApp and you click on the button to Tell your Gmail Contacts about MyCoolApp.
  2. A popup appears with a login screen for your Google Account. You satisfy yourself that it's Google by clicking the padlock and checking that its cert is signed by a trusted signing company, so you enter your Gmail username and password and click Login.
  3. Now you are presented with a screen (in the same popup) with a list of Google resources that MyCoolApp wants access to. If you tick the box and accept, you will be redirected back to a MyCoolApp API (callback) with an Authorization Code in the URL.
  4. MyCoolApp will now use this Code along with its own Google Client ID and Secret to request an Access Token.
  5. MyCoolApp will then use this access token to access your Gmail contacts.

Open ID Connect

  1. MyCoolApp has a button to Log a User in with Google. The user clicks this button.
  2. The user is redirected to Google's Account Login page, and once the user is satisfied this is really Google's Login page, they enter their Google username and password.
  3. Next they are directed to a screen similar to the one before, but this time it asks for MyCoolApp to have access to Read your Profile. This will usually give access to information like your first and second name, your email address and perhaps your birthday etc.
  4. If you tick the box and accept, as before, an Authorization Code is sent back to the MyCoolApp Redirect URL.
  5. MyCoolApp then exchanges this Authorization Code for an ID Token (also called a JWT, or JSON Web Token).
  6. This ID token contains information about you, in the form of Claims. These are claims about your identity. MyCoolApp can then use this ID token as a way of identifying you as a user of their application.

JSON Web Token (JWT)

Microsoft Identity Platform

Cloud Platform Architect. Opinions and articles on medium are my own.

Adrian Hynes
