App Registration Auths

Notes about AZ App and code samples

| Item | Delegated Permissions | Application Permissions |
| --- | --- | --- |
| App type scenarios | Web / Mobile / Single-Page App (SPA) | Web / Daemon |
| Who can consent | Users can consent for their data; Admin can consent for all users | Only admin can consent |
| Other names | Scopes; OAuth2 permissions | App roles; App-only permissions; Direct access permissions |

Authentication flow support in Microsoft Authentication Library (MSAL)

https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows

Username/password (ROPC)

Graph Explorer

One of the most commonly used Azure APIs is Microsoft Graph.

We can use "Graph Explorer" to try out sample queries.

Scope

Defines the set of permissions being requested by the application. Scopes can be either static (using .default) or dynamic. This set can include the OpenID Connect scopes (openid, profile, email). If you need application permissions, you must use .default to request the statically configured list of permissions.
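The following is an added example, not code from the original notes: it checks a scope list against the static/dynamic rules described above and tells delegated from application permissions in an access token by looking at the `scp` and `roles` claims. The function names and the two sample tokens are constructed for illustration, and the tokens are unsigned, so this is for inspection only and never replaces signature validation.

```python
import base64
import json

# OpenID Connect scopes may accompany either style of resource scope
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

def check_scope_request(scopes, app_only):
    """Return a list of problems with a scope list before it goes to the token endpoint."""
    resource = [s for s in scopes if s not in OIDC_SCOPES]
    static = [s for s in resource if s.split("/")[-1] == ".default"]
    problems = []
    if app_only and (len(resource) != 1 or len(static) != 1):
        problems.append("application permissions need exactly one <resource>/.default scope")
    if static and len(static) != len(resource):
        problems.append("static (.default) and dynamic scopes are mixed in one request")
    return problems

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def permission_kind(claims):
    """Simplified heuristic: 'scp' means delegated scopes, 'roles' without 'scp' means app roles."""
    if claims.get("scp"):
        return "delegated", claims["scp"].split()
    if claims.get("roles"):
        return "application", list(claims["roles"])
    return "none", []

def _sample_token(claims):
    # Constructed, unsigned sample token for demonstration only
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

DELEGATED = _sample_token({"aud": "https://graph.microsoft.com", "scp": "User.Read Mail.Read"})
APP_ONLY = _sample_token({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})

if __name__ == "__main__":
    print(check_scope_request(["https://graph.microsoft.com/.default"], app_only=True))
    print(check_scope_request(["User.Read.All"], app_only=True))
    print(check_scope_request(["https://graph.microsoft.com/.default", "Mail.Read"], app_only=False))
    for tok in (DELEGATED, APP_ONLY):
        print(permission_kind(jwt_claims(tok)))
```

When reviewing an app registration, a token that reports `application` with broad roles such as `User.Read.All` deserves closer scrutiny than a delegated one, because it acts without a signed-in user and only an admin could have consented to it.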

Lab Example for different programming languages

Code Snippets that show "Delegated Permission" property

Grant Types

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
