Web authentication broker (Windows Store apps)

The web authentication broker provides a set of APIs and the infrastructure for apps to use Internet authentication and authorization protocols such as OAuth and OpenID.

When an app calls the web authentication broker, the user gets a dialog box in which the necessary webpages are rendered to sign in. After the user completes those steps, the dialog box goes away and the user continues with the app.

The following diagram shows an example modal dialog box.

The single sign-on (SSO) mode of the web authentication broker APIs is provided to enable users to seamlessly authenticate to a single service across multiple Windows Store apps. The provider of the service must all the user to explicitly consent to that authentication, typically by providing a "Keep me logged in" option. The provider must also make it clear to the user how their identity is being used, typically by providing a link to a privacy statement from the logon page.

Benefits of using web authentication broker

The web authentication broker provides the following benefits:

• An easy-to-use programming interface that frees the app developer from hosting a browser control within their own app.
• Integration of a provider's web page with a Windows 8 user interface. For more information for online providers, see Web authentication broker for online providers.
• User credentials that are isolated from the app.
• Native support for single sign-on with online providers. For more information, see the How Web authentication broker single sign-on works.

In this section

Related topics

Web authentication broker sample

Windows.Security.Authentication.Web

Connecting to online identity providers

Build date: 11/28/2012