The Default protocol uses claims authentication and allows implementing single sign-on and access control for modern web applications and APIs. It supports OAuth2's authorization code, implicit, and resource owner password credentials flows. For machine to machine communication you can use Access Keys which is the alternative to client credentials flow. For more information, see Generate access key. This integration allows easy connection with clients such as mobile, web, SPAs, and desktop applications. It is also extensible and allows integration in new and existing architectures.
The authentication is designed and implemented as separate Microsoft OWIN / Katana component. It uses standard
Microsoft.Owin.Security libraries-. Additionally, there are some extensions to support external provider logins, such as Facebook or LinkedIn.