App Registration Auths
Notes about AZ App and code samples
Item | Delegated Permissions | Application Permissions |
---|---|---|
App type scenarios | Web / Mobile / Single-Page App (SPA) | Web / Daemon |
Access Context | | |
Who can consent | Users can consent for their data; Admin can consent for all users | Only admin can consent |
Other names | Scopes; OAuth2 permissions | App roles; App-only permissions; Direct access permissions |
Result of consent | | |

Authentication flow support in Microsoft Authentication Library (MSAL)
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows
Username/password (ROPC)
One of the most commonly used Azure APIs is the Graph.
We can use "Graph Explorer" to sample queries.
Defines the set of permissions being requested by the application. Scopes can be either static (using `.default`) or dynamic. This set can include the OpenID Connect scopes (`openid`, `profile`, `email`). If you need application permissions, you must use `.default` to request the statically configured list of permissions.
To eliminate the need for an app (or client) secret, this option must be enabled so that we can use the "UsernamePasswordCredential" auth method.
Grant Types
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
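The scope rules and the two permission models in these notes, as an added example (not code from the original notes or from Microsoft's libraries): it builds, without sending, the v2.0 token request form for ROPC (delegated) or client credentials (application) and rejects scope lists that break the rules. The helper names `classify_scopes` and `build_token_request` and every tenant, client and credential value are constructed for illustration.

```python
from urllib.parse import urlencode

OIDC_SCOPES = {"openid", "profile", "email"}  # OpenID Connect scopes named in the notes
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def classify_scopes(scopes):
    """Split a scope list into static (.default), dynamic and OIDC scopes."""
    kinds = {"static": [], "dynamic": [], "oidc": []}
    for scope in scopes:
        if scope in OIDC_SCOPES:
            kinds["oidc"].append(scope)
        elif scope.endswith("/.default"):
            kinds["static"].append(scope)
        else:
            kinds["dynamic"].append(scope)
    return kinds


def build_token_request(tenant, client_id, scopes, *, username=None,
                        password=None, client_secret=None):
    """Return (url, form_body) for a v2.0 token request; nothing is sent.

    username + password -> ROPC grant (delegated permissions, no secret).
    client_secret       -> client credentials grant (application permissions).
    """
    kinds = classify_scopes(scopes)
    # Per Microsoft's documentation, static and dynamic consent cannot be
    # combined in one request.
    if kinds["static"] and kinds["dynamic"]:
        raise ValueError("static (.default) and dynamic scopes cannot be mixed")
    form = {"client_id": client_id, "scope": " ".join(scopes)}
    if username is not None and password is not None:
        form.update(grant_type="password", username=username, password=password)
    elif client_secret is not None:
        # Application permissions: only the statically configured list works.
        if len(scopes) != 1 or len(kinds["static"]) != 1:
            raise ValueError("application permissions need one <resource>/.default scope")
        form.update(grant_type="client_credentials", client_secret=client_secret)
    else:
        raise ValueError("supply username and password, or client_secret")
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or credentials.
    print(build_token_request("contoso.example", "constructed-client-id",
                              ["User.Read", "openid"],
                              username="alice@contoso.example",
                              password="constructed-password"))
```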