(And using the library here will really help us out. But you could use the MSAL library if you want. but I wanna talk about so that's what I'm going to do).

Azure AD Application

First things first - we're going to need an Azure AD application to model the web API application within Azure AD.

Why a distinct Azure AD application for the web API?

Why do you want a separate Azure AD application for your web API from your web application? Because Azure AD applications model real-world applications and hold application-specific attributes such as reply URLs, secrets, and API dependencies.
There are 2 parts to getting a web API ready to do authentication with Azure Active Directory. The first is to set up the Azure AD application to model the real-world web API. The second is to code the web API and make sure it communicates with Azure AD appropriately to check the token and scope.
It should be noted that no user-level authorization is going on here. The scope and the token in general are being checked as being valid. But no checks as to whether the user has access to the particular resource are happening. You can think of a scope as a permission at the Azure AD application level. One Azure AD application says I have these scopes and they'll do certain things. (Like read and write products from a database.) Then those scopes are granted to other Azure AD applications. And a user (or admin of Azure AD) consents that the calling application can use the scope(s). So even though an API may have a scope that says if you can access me, you can read & write products from a database, it's really saying your request will be able to access the code that reads & writes the products, but the code will still do some authorization to make sure you're reading & writing the correct products.

And in step number 4 above, I'll use the library to make development easier on myself.
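The difference between the scope check and the per-product check described above, as an added example that is not code from the original article. It uses only `System.Security.Claims` rather than the library the article refers to; `Product`, `ProductAccess`, the scope name `Products.ReadWrite` and the claim values are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Hypothetical names: Product, ProductAccess and the scope "Products.ReadWrite".
public record Product(int Id, string OwnerObjectId, string Name);

public static class ProductAccess
{
    // ASP.NET Core's JWT handler can map the short claim names to these long ones.
    static readonly string[] ScopeTypes = { "scp", "http://schemas.microsoft.com/identity/claims/scope" };
    static readonly string[] OidTypes = { "oid", "http://schemas.microsoft.com/identity/claims/objectidentifier" };

    static string ClaimValue(ClaimsPrincipal user, string[] types) =>
        types.Select(t => user.FindFirst(t)?.Value).FirstOrDefault(v => v != null) ?? "";

    // Application-level check: was the consented scope issued to the calling app?
    public static bool HasScope(ClaimsPrincipal user, string required) =>
        ClaimValue(user, ScopeTypes)
            .Split(' ', StringSplitOptions.RemoveEmptyEntries)
            .Contains(required, StringComparer.Ordinal);

    // User-level check: Azure AD does not do this, the API's own code must.
    public static bool OwnsProduct(ClaimsPrincipal user, Product product)
    {
        string oid = ClaimValue(user, OidTypes);
        return oid.Length > 0 && string.Equals(oid, product.OwnerObjectId, StringComparison.OrdinalIgnoreCase);
    }

    // Returns the HTTP status the API would answer with.
    public static int Authorize(ClaimsPrincipal user, Product product)
    {
        if (user.Identity?.IsAuthenticated != true) return 401;  // no valid token
        if (!HasScope(user, "Products.ReadWrite")) return 403;   // scope not granted
        if (!OwnsProduct(user, product)) return 404;             // not this user's product
        return 200;
    }

    public static void Main()
    {
        // Constructed sample data, not real tenant values.
        var product = new Product(1, "11111111-aaaa", "Widget");
        ClaimsPrincipal Caller(string scp, string oid) => new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim("scp", scp), new Claim("oid", oid) }, "Bearer"));

        Console.WriteLine(Authorize(Caller("Products.ReadWrite", "11111111-aaaa"), product)); // owner, scope granted
        Console.WriteLine(Authorize(Caller("Products.ReadWrite", "22222222-bbbb"), product)); // scope granted, other user
        Console.WriteLine(Authorize(Caller("Products.Read", "11111111-aaaa"), product));      // owner, scope missing
    }
}
```

The second caller holds a valid token with the right scope and is still refused, which is the gap a scope-only check leaves open.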
You'll create a Web API application, protect it behind Azure AD, and then have the web app from the previous article access it. (And remember, refer back to that first article in this series to help explain any concepts.)
In the last article you learned how to authenticate an ASP.NET Core web application to Azure Active Directory using the preview version of the library.

And ideally (hopefully!) you were able to make sense of the concepts and how they fit together because the first article in this series helped you out!