Skip to main content

Understand authentication flow

Logto is built on OAuth 2.0 and OpenID Connect (OIDC) standards. Understanding these authentication standards will make the integration process smoother and more straightforward.

User authentication flow​

Here's what happens when a user signs in with Logto:

In this flow, several key concepts are essential for the integration process:

  • Application: This represents your app in Logto. You'll create an application configuration in the Logto Console to establish a connection between your actual application and Logto services. Learn more about Application.
  • Redirect URI: After users complete authentication on the Logto sign-in page, Logto redirects them back to your application through this URI. You'll need to configure the Redirect URI in your Application settings. For more details, see Redirect URIs.
  • Handle sign-in callback: When Logto redirects users back to your application, your app needs to process the authentication data and request access tokens and user information. Don't worry - the Logto SDK handles this automatically.

This overview covers the essentials for quick integration. For a deeper understanding, check out our Sign-in experience explained guide.

Machine-to-machine authentication flow​

Logto provides machine-to-machine (M2M) application type to enable direct authentication between services, based on OAuth 2.0 Client Credentials flow:

This machine-to-machine (M2M) authentication flow is designed for applications that need to directly communicate with resources without user interaction (thus no UI), such as an API service updating user data in Logto or a statistics service pulling daily orders.

In this flow, services authenticate using client credentials - a combination of Application ID and Application Secret that uniquely identifies and authenticates the service. These credentials serve as the service's identity when requesting access tokens from Logto.

Blog: Secure cloud-based applications with OAuth 2.0 and OpenID Connect

Why single sign-on (SSO) for multiple applications is better

Why you need a centralized identity system for a multi-app business