This topic tells you how to discover your Single Sign‑On for VMware Tanzu Application Service app type.
Determine Your Single Sign‑On App Type
Before you bind or register an app, you must determine its Single Sign‑On app type and the corresponding OAuth grant type. OAuth grant types determine how the app communicates with Single Sign‑On to acquire tokens for authentication and authorization purposes.
If your app authenticates end users, its Single Sign‑On app type is Web App, Native App, or Single-Page JavaScript App. If the app does not authenticate end users, but rather accesses other services or APIs on its own behalf, then its type is Service-to-Service App.
See the table below to determine your app’s Single Sign‑On app type and OAuth Grant Type:
| App Type | Single Sign‑On App Type | OAuth Grant Type |
|---|---|---|
| Web | Web App | Authorization Code |
| Native Mobile, Desktop, or Command Line | Native App | Resource Owner Password |
| Single-Page JavaScript | Single-Page JavaScript App | Implicit |
| Service-to-Service | Service-to-Service App | Client Credentials |
| Web + Service-to-Service | Web + Service-to-Service App | Authorization Code and Client Credentials |
| Resource Server | Secured API, Database Server | n/a |
The Single Sign‑On Service Sample Applications GitHub repository provides examples for a few of the Single Sign‑On app types listed above.
VMware recommends only using the Native app type for highly-trusted apps, such as company-owned and managed apps. The Native app type only works with back-channel protocols, such as internal UAA store or LDAP. It does not work with front-channel protocols, such as SAML.
