App Registration Auths

Notes about AZ App and code samples

| Item | Delegated Permissions | Application Permissions |
| --- | --- | --- |
| App type scenarios | Web / Mobile / Single-Page App (SPA) | Web / Daemon |
| Access Context | | |
| Who can consent | Users can consent for their data; Admin can consent for all users | Only admin can consent |
| Other names | Scopes; OAuth2 permissions | App roles; App-only permissions; Direct access permissions |
| Result of consent | | |

Authentication flow support in Microsoft Authentication Library (MSAL)

https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows

Username/password (ROPC)

Graph Explorer

One of the most commonly used Azure APIs is Microsoft Graph.

We can use "Graph Explorer" to try sample queries.

Scope

Defines the set of permissions being requested by the application. Scopes can be either static (using .default) or dynamic. This set can include the OpenID Connect scopes (openid, profile, email). If you need application permissions, you must use .default to request the statically configured list of permissions.

Lab Example for different programming languages

https://learn.microsoft.com/en-us/graph/tutorials

To eliminate the need for an App (or Client) secret, this option must be enabled so we can use the "UsernamePasswordCredential" auth method.

Code Snippets that show "Delegated Permission" property

Grant Types

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
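The scope rules from the Scope section and the secret-less ROPC case above, as an added example that is not from the original notes or from MSAL: it builds (without sending) the v2.0 token endpoint form for the client credentials and ROPC grants and rejects invalid scope combinations. The helper names `check_scopes` and `token_request` are hypothetical, and the tenant, client ID and credentials are constructed placeholders.

```python
AUTHORITY = "https://login.microsoftonline.com"   # public-cloud authority host
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def check_scopes(scopes, app_only):
    """Apply the static/dynamic scope rules and return the space-separated scope value."""
    static = [s for s in scopes if s.endswith(".default")]
    dynamic = [s for s in scopes if s not in static and s not in OIDC_SCOPES]
    if app_only and (len(scopes) != 1 or not static):
        # Application permissions: only the statically configured list can be requested.
        raise ValueError("application permissions need exactly one '<resource>/.default' scope")
    if static and dynamic:
        raise ValueError("static (.default) and dynamic scopes cannot share one request")
    return " ".join(scopes)


def token_request(tenant, client_id, scopes, client_secret=None, username=None, password=None):
    """Return (url, form) for the v2.0 token endpoint. Nothing is sent over the network."""
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/token"
    form = {"client_id": client_id}
    if username is not None:
        # ROPC: delegated permissions; the app handles the user's password itself.
        form.update(grant_type="password", username=username, password=password,
                    scope=check_scopes(scopes, app_only=False))
        if client_secret:            # omitted when the app is a public client
            form["client_secret"] = client_secret
    else:
        # Client credentials: application permissions, no user in the request.
        if not client_secret:
            raise ValueError("client credentials flow needs the app's own credential")
        form.update(grant_type="client_credentials", client_secret=client_secret,
                    scope=check_scopes(scopes, app_only=True))
    return url, form


if __name__ == "__main__":
    # Constructed sample values: tenant, client id and credentials are placeholders.
    graph = "https://graph.microsoft.com"
    cid = "00000000-0000-0000-0000-000000000000"
    print(token_request("contoso.example", cid, [f"{graph}/.default"], client_secret="PLACEHOLDER"))
    print(token_request("contoso.example", cid, ["openid", "User.Read"],
                        username="user@contoso.example", password="PLACEHOLDER"))
```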
