# App Registration Auths

| Item | Delegated Permissions | Application Permissions | | ------------------ | ----------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | | App type scenarios | Web / Mobile / Single-Page App (SPA) | Web / Daemon | | Access Context | [Get access on-behalf of a user](https://learn.microsoft.com/en-us/graph/auth-v2-user) | [Get access as a service](https://learn.microsoft.com/en-us/graph/auth-v2-service) | | Who can consent |

Users can consent for their data
Admin can consent for all users

| Only admin can consent | | Other names |

Scopes
OAuth2 permissions

App roles
App-only permissions
Direct access permissions

| | Result of consent | [oAuth2PermissionGrants](https://learn.microsoft.com/en-us/graph/api/resources/oauth2permissiongrant) | [appRoleAssignments](https://learn.microsoft.com/en-us/graph/api/resources/approleassignment) | {% hint style="info" %} Authentication flow support in Microsoft Authentication Library (MSAL) ![](/files/pA3RudjZ0uOwdDimkqVP) Username/password (ROPC) {% endhint %} {% hint style="info" %} ### Graph Explorer One of the most commonly used Azure APIs is the Graph. We can use ["Graph Explorer"](https://developer.microsoft.com/en-us/graph/graph-explorer) to sample queries {% endhint %} {% hint style="info" %} ### Scope Defines the set of permissions being requested by the application. Scopes can be either static (using [`.default`](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#the-default-scope)) or dynamic. This set can include the OpenID Connect scopes (`openid`, `profile`, `email`). If you need application permissions, you must use `.default` to request the statically configured list of permissions. {% endhint %} {% hint style="info" %} ### Lab Example for different programming languages

{% endhint %} {% hint style="danger" %} To eliminate the need for App (or Client) secret, this option must be able so we can use the "UsernamePasswordCredential" auth method ![](/files/t40s6dKbF0nZ1SVctgg5) {% endhint %} ### Code Snippets that show "Delegated Permission" property

Grant Types --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.jianny.net/work/azure/app-registration-auths.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.