
The typical suggested approach when creating a client/server application (typically for SPA apps) in Azure is to create one AAD application for the service (API) and another AAD application for the client application (e.g. an Angular SPA). While I understand the mindset behind this, are there any implications to creating one AAD application for both and sharing the same configuration values (ClientId, ...) between both applications? This simplifies the implementation, especially when there is only one type of client app (e.g. web) that consumes the API tier.

Saeid

1 Answer


I think you might want to take a look at the documentation, as it might explain what the app registrations are meant for: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview

This specific tutorial goes over the SPA scenario: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-overview

The purpose behind creating an AAD App Registration for the server is so that the client is able to request an access token for the web API resource. For example, if you're trying to access the Microsoft Graph API, you would request xyz permissions to make a call to the Microsoft Graph's xyz API.

And the V2 Overview and the SPA Scenario Overview both go over this very thoroughly.

Note that you are not creating an AAD App Registration for your client; you're creating one for your server and custom web API resource. So you would have a client requesting an access token with the server's information to get access to the web API.

In addition to that, you'll want to be clear on which endpoint you're using. This goes into that a bit further as well: How do I check to see if my AzureAD version is V1 or V2?

And here are some reasons why one would want to use the v2 endpoint: https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison

Frank H
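As an added example (not code from either post above), here is the claim check a web API would run on an incoming access token when the SPA and the API share a single app registration: the API must still confirm the token was issued by its tenant, for its own audience, and with the delegated scope it exposes. The tenant id, client id and scope name are constructed placeholders, and the token signature is assumed to have been verified by the JWT library before these checks run.

```python
import base64
import json

# Constructed placeholder values; not a real tenant or app registration.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
APP_CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # shared by SPA and API
REQUIRED_SCOPE = "access_as_user"  # the delegated scope the API exposes
ISSUERS = {
    "https://login.microsoftonline.com/%s/v2.0" % TENANT_ID,  # v2 endpoint
    "https://sts.windows.net/%s/" % TENANT_ID,                # v1 endpoint
}
# With a shared registration the API's audience is the same client id
# (v2 tokens) or its Application ID URI form (v1 tokens); accept both.
AUDIENCES = {APP_CLIENT_ID, "api://" + APP_CLIENT_ID}


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(claims):
    """Build an unsigned compact JWT from constructed claims (test input only)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return header + "." + _b64url_encode(json.dumps(claims).encode()) + "."


def decode_claims(token):
    """Return the payload claims of a compact JWT; does not check the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(claims, now):
    """Return a list of problems; empty means the API may accept the token.
    Runs after the signature has been verified against the tenant's JWKS."""
    problems = []
    if claims.get("iss") not in ISSUERS:
        problems.append("issuer is not this tenant")
    aud = claims.get("aud")
    auds = set(aud) if isinstance(aud, list) else {aud}
    if not auds & AUDIENCES:
        problems.append("token was not issued for this API")
    if claims.get("nbf", 0) > now or claims.get("exp", 0) <= now:
        problems.append("token not yet valid or expired")
    if REQUIRED_SCOPE not in claims.get("scp", "").split():
        problems.append("missing delegated scope " + REQUIRED_SCOPE)
    return problems
```

A token the SPA obtained for Microsoft Graph carries a different `aud` and `scp`, so it is rejected here even though it was issued to the same client id.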