App Registration Auths

Notes about AZ App and code samples

Item

Delegated Permissions

Application Permissions

App type scenarios

Web / Mobile / Single-Page App (SPA)

Web / Daemon

Access Context

Who can consent

Users can consent for their data
Admin can consent for all users

Only admin can consent

Other names

Scopes
OAuth2 permissions

App roles
App-only permissions
Direct access permissions

Result of consent

Authentication flow support in Microsoft Authentication Library (MSAL)

https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows

Username/password (ROPC)

Graph Explorer

One of the most commonly used Azure APIs is the Graph.

We can use "Graph Explorer" to sample queries

Scope

Defines the set of permissions being requested by the application. Scopes can be either static (using .default) or dynamic. This set can include the OpenID Connect scopes (openid, profile, email). If you need application permissions, you must use .default to request the statically configured list of permissions.

Lab Example for different programming languages

https://learn.microsoft.com/en-us/graph/tutorials

To eliminate the need for App (or Client) secret, this option must be able so we can use the "UsernamePasswordCredential" auth method

Code Snippets that show "Delegated Permission" property

Grant Types

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

PreviousGraph Permissions NextPostman

Last updated 2 years ago