Considering the following documentation, I understand that Azure AD B2C (and Azure AD) support two protocols: OpenID Connect and OAuth 2.0
https://docs.microsoft.com/en-us/azure/active-directory-b2c/protocols-overview
At the same time, AAD and B2C support different authentication flows, such as Authorization Code Flow, Implicit Flow, or Client Credential flow.
What are the differences and connections between authentication protocols and authentication flows?
>Solution :
Flows are a subset of protocols.
OpenID Connect is built on top of OAuth2. These are protocols.
These protocols contain the flows you mentioned.
AAD also supports the SAML 2.0 and WS-Federation protocols.
B2C also supports the SAML 2.0 protocol.
WS-Federation e.g. supports two flows:
- Passive = browser based
- Active = webapi based i.e. WCF