App Registration Auths

Notes about AZ App and code samples

Last updated 2 years ago

| Item | Delegated Permissions | Application Permissions |
|---|---|---|
| App type scenarios | Web / Mobile / Single-Page App (SPA) | Web / Daemon |
| Access Context | Get access on-behalf of a user | Get access as a service |
| Who can consent | Users can consent for their data; Admin can consent for all users | Only admin can consent |
| Other names | Scopes; OAuth2 permissions | App roles; App-only permissions; Direct access permissions |
| Result of consent | oAuth2PermissionGrants | appRoleAssignments |

Authentication flow support in Microsoft Authentication Library (MSAL)

https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows

Username/password (ROPC)

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

To eliminate the need for an App (or Client) secret, this option must be enabled so that we can use the "UsernamePasswordCredential" auth method.

Graph Explorer

One of the most commonly used Azure APIs is the Graph. We can use "Graph Explorer" to sample queries.

Scope

Defines the set of permissions being requested by the application. Scopes can be either static (using .default) or dynamic. This set can include the OpenID Connect scopes (openid, profile, email). If you need application permissions, you must use .default to request the statically configured list of permissions.

Lab Example for different programming languages

https://learn.microsoft.com/en-us/graph/tutorials

Code Snippets that show "Delegated Permission" property

Grant Types
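
As an added example (not code from the original page or from Microsoft), the Python below builds the token request for both permission types compared above, enforces the .default rule for application permissions, and classifies a token by its `scp` (delegated) or `roles` (application) claim. The tenant name, client ID, credentials and the helper names `token_request`, `permission_type` and `sample_jwt` are assumptions for illustration; no request is sent.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_DEFAULT = "https://graph.microsoft.com/.default"


def token_request(flow, tenant, client_id, scopes, **creds):
    """Build (url, form_body) for a token request. Nothing is sent."""
    if flow == "client_credentials":  # application permissions
        # Only the statically configured list (.default) may be requested.
        if not scopes or any(not s.endswith("/.default") for s in scopes):
            raise ValueError("application permissions must be requested via .default")
        form = {"grant_type": "client_credentials",
                "client_secret": creds["client_secret"]}
    elif flow == "ropc":  # delegated permissions, user credentials, no client secret
        form = {"grant_type": "password",
                "username": creds["username"], "password": creds["password"]}
    else:
        raise ValueError(f"unsupported flow: {flow}")
    form.update(client_id=client_id, scope=" ".join(scopes))
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


def permission_type(access_token):
    """Classify a token by its claims: 'scp' = delegated, 'roles' = application."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if "scp" in claims:
        return "delegated", claims["scp"].split()
    if "roles" in claims:
        return "application", list(claims["roles"])
    return "none", []


def sample_jwt(claims):
    """Constructed, unsigned sample token (not issued by any tenant)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64(claims), "constructed-signature"])


if __name__ == "__main__":
    # Tenant, client ID and credentials are constructed placeholders.
    print(token_request("ropc", "contoso.example", "00000000-0000-0000-0000-000000000000",
                        ["User.Read"], username="user@contoso.example", password="<password>"))
    print(permission_type(sample_jwt({"roles": ["User.Read.All"]})))
```

`permission_type` reads claims without validating the token signature, so it is for inspecting tokens during troubleshooting, not for authorization decisions.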