
App Registration Auths

Notes about AZ App and code samples
Delegated Permissions vs. Application Permissions

App type scenarios
  • Delegated Permissions: Web / Mobile / Single-Page App (SPA)
  • Application Permissions: Web / Daemon
Access Context
Who can consent
  • Delegated Permissions: users can consent for their data; admin can consent for all users
  • Application Permissions: only admin can consent
Other names
  • Delegated Permissions: Scopes, OAuth2 permissions
  • Application Permissions: App roles, App-only permissions, Direct access permissions
Result of consent
Authentication flow support in Microsoft Authentication Library (MSAL)
Username/password (ROPC)

Graph Explorer

One of the most commonly used Azure APIs is the Graph API.
We can use "Graph Explorer" to run sample queries against it.


Defines the set of permissions being requested by the application. Scopes can be either static (using .default) or dynamic. This set can include the OpenID Connect scopes (openid, profile, email). If you need application permissions, you must use .default to request the statically configured list of permissions.
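
The static/dynamic rule above can be checked before a token request is sent. This is an added example, not code from the original page or from MSAL; `check_scopes` and `is_static` are hypothetical helper names, the sample scope lists are constructed, and the "no mixing" and "one resource" checks reflect Microsoft identity platform behaviour rather than anything stated on this page.

```python
# Added example (not from the original page): lint a scope list before a token request.
# OpenID Connect scopes named above, plus offline_access (refresh tokens).
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def is_static(scope):
    """True for the static form, e.g. https://graph.microsoft.com/.default"""
    return scope.endswith("/.default")


def check_scopes(scopes, app_only):
    """Return a list of problems; an empty list means the request is well-formed.

    app_only=True  -> application permissions (no signed-in user)
    app_only=False -> delegated permissions (on behalf of a user)
    """
    problems = []
    resource = [s for s in scopes if s.lower() not in OIDC_SCOPES]
    static = [s for s in resource if is_static(s)]
    dynamic = [s for s in resource if not is_static(s)]

    if app_only:
        # Application permissions are only available as the statically
        # configured list, so every resource scope must be <resource>/.default.
        if dynamic:
            problems.append("application permissions need <resource>/.default, not: "
                            + ", ".join(dynamic))
        elif not static:
            problems.append("no <resource>/.default scope in the request")
    elif static and dynamic:
        # Static and dynamic consent cannot be mixed in one request.
        problems.append(".default cannot be combined with dynamic scopes: "
                        + ", ".join(dynamic))
    if len(set(static)) > 1:
        problems.append("one token request targets one resource, got: "
                        + ", ".join(static))
    return problems


if __name__ == "__main__":
    graph_default = "https://graph.microsoft.com/.default"
    samples = [  # constructed scope lists: (scopes, app_only)
        ([graph_default], True),
        (["User.Read"], True),
        (["openid", "profile", "User.Read", "Mail.Read"], False),
        ([graph_default, "Mail.Read"], False),
    ]
    for scopes, app_only in samples:
        print("app-only " if app_only else "delegated", scopes, "->",
              check_scopes(scopes, app_only) or "ok")
```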

Lab Example for different programming languages

To eliminate the need for an App (or Client) secret, this option must be enabled so we can use the "UsernamePasswordCredential" auth method.

Code Snippets that show "Delegated Permission" property

Grant Types