App Registration Auths

Notes about AZ App and code samples

| Item | Delegated Permissions | Application Permissions |
| --- | --- | --- |
| App type scenarios | Web / Mobile / Single-Page App (SPA) | Web / Daemon |
| Who can consent | Users can consent for their data; admin can consent for all users | Only admin can consent |
| Other names | Scopes; OAuth2 permissions | App roles; App-only permissions; Direct access permissions |


Authentication flow support in Microsoft Authentication Library (MSAL)

https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows

Username/password (ROPC)


Graph Explorer

One of the most commonly used Azure APIs is the Graph.

We can use "Graph Explorer" to try out sample queries.


Scope

Defines the set of permissions being requested by the application. Scopes can be either static (using .default) or dynamic. This set can include the OpenID Connect scopes (openid, profile, email). If you need application permissions, you must use .default to request the statically configured list of permissions.
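The scope rules above, as an added example that is not part of the original notes: it validates the scope list per grant type, builds (but never sends) a v2.0 token request, and classifies decoded access-token claims as delegated (scp) or application (roles). The function names, tenant, client ID, secret and claim values are constructed placeholders, and the scp/roles check is a simplified heuristic.

```python
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

def scope_param(grant_type, scopes):
    """Validate scopes for a v2.0 token request and return the scope string."""
    resource = [s for s in scopes if s not in OIDC_SCOPES]
    static = [s for s in resource if s.endswith("/.default")]
    if grant_type == "client_credentials":
        # Application permissions: one resource, always via its static .default list.
        if len(scopes) != 1 or len(static) != 1:
            raise ValueError("app-only request needs exactly one <resource>/.default scope")
    elif static and len(resource) > 1:
        # Delegated: static (.default) and dynamic consent cannot share a request.
        raise ValueError(".default cannot be combined with dynamic scopes")
    return " ".join(scopes)

def token_request(tenant, grant_type, client_id, scopes, **extra):
    """Return (url, urlencoded body) for the token endpoint; nothing is sent."""
    form = {"grant_type": grant_type, "client_id": client_id,
            "scope": scope_param(grant_type, scopes), **extra}
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def permission_type(claims):
    """Classify decoded access-token claims: 'scp' marks delegated permissions,
    'roles' without 'scp' marks application (app-only) permissions."""
    if claims.get("scp"):
        return "delegated"
    if claims.get("roles"):
        return "application"
    return "none"

# Constructed sample values (placeholders, not real tenants, apps or tokens).
GRAPH = "https://graph.microsoft.com/"
DAEMON = token_request("contoso.example", "client_credentials",
                       "00000000-0000-0000-0000-000000000000",
                       [GRAPH + ".default"], client_secret="PLACEHOLDER")
DELEGATED_CLAIMS = {"scp": "User.Read Mail.Read", "sub": "constructed-user"}
APP_ONLY_CLAIMS = {"roles": ["User.Read.All"], "sub": "constructed-app"}

if __name__ == "__main__":
    print(DAEMON[0])
    print(DAEMON[1])
    print(permission_type(DELEGATED_CLAIMS), permission_type(APP_ONLY_CLAIMS))
```

An API that accepts both token kinds should authorize on scp for delegated calls and on roles for app-only calls, rather than treating either claim as interchangeable.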


Lab Example for different programming languages


Code Snippets that show "Delegated Permission" property

Grant Types

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
