Trying to do service-to-service using OAuth and Azure AD, but it seems like everyone within Azure AD has access to my API. I have tried setting permissions within the Azure AD application in AAD and set the "Allowed Token Audiences" within the authentication part in settings, but nothing seems to limit access to my app.

What is the purpose of "Allowed Token Audiences" if not to restrict access?

Azure API AAD

dahund
  • Please refer to this [explanation](https://stackoverflow.com/a/40583113/5751404). – Nan Yu Oct 27 '17 at 08:54
  • Audience would be the client id or app id URI for the app typically. It is used to check that the token received is meant for this API, and not some other API. – juunas Dec 14 '17 at 20:51

0 Answers
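The audience check described in the comments, next to the per-caller checks an API has to add itself if it wants to restrict which applications may call it, as an added example that is not part of the original thread. It assumes signature, issuer and expiry were already validated upstream; the IDs, the role name and the allow-list policy are constructed placeholders, while `aud`, `appid`, `azp` and `roles` are the claim names Azure AD access tokens use.

```python
# Added example: claim checks applied AFTER signature/issuer/expiry validation.
# All IDs and names below are constructed placeholders, not values from the question.
API_AUDIENCES = {"api://orders-api", "11111111-1111-1111-1111-111111111111"}
ALLOWED_CLIENTS = {"22222222-2222-2222-2222-222222222222"}  # caller app IDs
REQUIRED_ROLE = "Orders.Read.All"  # hypothetical app role defined on the API


def audience_ok(claims):
    """The audience check: was this token issued for this API at all?"""
    aud = claims.get("aud")
    auds = {aud} if isinstance(aud, str) else set(aud or [])
    return bool(auds & API_AUDIENCES)


def authorize(claims):
    """Return (allowed, reason). A matching audience is necessary, not sufficient."""
    if not audience_ok(claims):
        return False, "wrong audience"
    # v1 tokens identify the calling app in 'appid', v2 tokens in 'azp'.
    client = claims.get("appid") or claims.get("azp")
    if client not in ALLOWED_CLIENTS:
        return False, "client app not allow-listed"
    # App roles granted to the calling app arrive in the 'roles' claim.
    roles = claims.get("roles")
    if not isinstance(roles, list) or REQUIRED_ROLE not in roles:
        return False, "missing app role"
    return True, "ok"


# Constructed claim sets, as they would look after token validation.
SAMPLES = {
    "token_for_other_api": {"aud": "api://other-api",
                            "appid": "22222222-2222-2222-2222-222222222222"},
    "unknown_app_same_tenant": {"aud": "api://orders-api",
                                "appid": "33333333-3333-3333-3333-333333333333"},
    "known_app_no_role": {"aud": "api://orders-api", "roles": [],
                          "appid": "22222222-2222-2222-2222-222222222222"},
    "known_app_with_role": {"aud": "11111111-1111-1111-1111-111111111111",
                            "azp": "22222222-2222-2222-2222-222222222222",
                            "roles": ["Orders.Read.All"]},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(f"{name:26} audience_ok={audience_ok(claims)!s:5} "
              f"authorize={authorize(claims)}")
```

The `unknown_app_same_tenant` sample passes the audience check and is rejected only by the caller checks, which is the behaviour the question describes when the audience is the only thing validated.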