If you’re building a web app, chances are you already have an authentication system in place. If it’s not using OAuth2, then it should be! There are many flavors of OAuth2—we recommend using the authorization code grant type and OpenID Connect (OIDC). This is what Google, Facebook, Microsoft, and others use to authenticate users on their websites. It works like this:

A user signs into your website or mobile app with their username and password. Your application redirects them to your API service provider (Google or Microsoft) where they log in again
https://t.co/3YgYiP29L5