Showing results for 
Search instead for 
Did you mean: 

OAuth 2.0 Authorization Code Grant for Power Portals

At the moment, the Power Platform Portals provides the support to Implicit Grant Flow for communicating with external applications. However, using the Implicit Grant Flow is not a recommended approach and it is not supported by external applications. According to the OAuth: "It is generally not recommended to use the implicit flow (and some servers prohibit this flow entirely). In the time since the spec was originally written, the industry best practice has changed to recommend that public clients should use the authorization code flow with the PKCE extension instead."


I would like to have the support of "OAuth 2.0 Authorization Code Grant" in Power Plartform Portals to stay up to date with security requiremnts. 

Status: New

This is recommended by our Infosec team