
I'm completely brand new to the Azure identities world, and I'm just getting started using them. I've been reading a bit about Azure service principals and it seems pretty cool, but now I'm wondering if it is possible to have 3 applications registered and use a service principal to communicate between them. So, having the 3 APIs (App1, App2, App3):

App1 can authenticate using the service principal and using it can communicate with App2 and App3 because App1 has "access" for both Applications (App2 and App3) and App2 and App3 are just registered.

But if later on there's an App4, I can easily just assign access to communicate with App2.

App1    App2    App3    App4
x->      x
x->              x
         x->             x

If I misunderstand what the real usage of service principals is, or my approach is not correct, please let me know. Any feedback is welcome.

For the scenario described above I don't need/want a user to log in and authorize any application. This approach is purely based on APIs.

Herberth Gomez
  • The answer will depend on what sort of authorization you’re interested in. Does a user authenticate to app1 and then that same user identity hits app 2? Or are you thinking app to app only, without user context? – Josh Jun 25 '21 at 23:17
  • Yes without user context, I'll update my question to reflect no user login is required – Herberth Gomez Jun 28 '21 at 14:00
  • If there is no user context, then you need to use `appRole`. – Carl Zhao Jun 29 '21 at 02:19

1 Answer

Are you talking about communication between two applications or communication between multiple applications?

If it is communication between two applications (app1->app2 (api1)), then you need to create app1 and app2 in Azure, and then use app2 as the API application and app1 as the client application. Next, you need to expose the API of the API application and add the client application, and then make the user log in to the client application and complete the authorization, and then you can use the token of app1 to call app2. For the detailed operation process, please refer to my previous answer.

If you are talking about communication between multiple applications (app1->app2(api1)->app3(api2)), then you need to expose the APIs of app2 and app3, and then make app1 call app2, and then app2, as the middle-layer API, calls app3 in turn. For the detailed operation process, please refer to my previous answer.

Carl Zhao
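
The app-only case raised in the question and comments, as an added example that is not part of the original posts: a Python sketch of the check App2 or App3 would run on an incoming access token to confirm the calling app holds an app role. It assumes the token's signature, issuer and expiry were already validated; the audience URIs, client IDs and the `Api.Call` role name are hypothetical placeholders.

```python
# Constructed placeholders: audience URIs, client IDs and the role name are
# hypothetical and do not come from the original posts.
APP2_AUD = "api://app2-placeholder"
APP3_AUD = "api://app3-placeholder"
ROLE = "Api.Call"


def authorize_app_call(claims, expected_audience, required_role):
    """Return (allowed, reason) for an app-only call reaching this API.

    Assumption: signature, issuer and expiry were already validated by a
    JWT library; only the decoded claims are inspected here.
    """
    if claims.get("aud") != expected_audience:
        return False, "token was issued for a different API"
    # Delegated (user) tokens carry 'scp'; client-credentials tokens do not.
    if "scp" in claims:
        return False, "delegated token, not an app-only token"
    roles = claims.get("roles")
    if not isinstance(roles, list) or required_role not in roles:
        return False, "caller has no '%s' app role on this API" % required_role
    return True, "ok"


# Constructed decoded claims, one per caller/API pair.
APP1_TO_APP2 = {"aud": APP2_AUD, "azp": "app1-id-placeholder", "roles": [ROLE]}
APP1_TO_APP3 = {"aud": APP3_AUD, "azp": "app1-id-placeholder", "roles": [ROLE]}
APP4_NO_ROLE = {"aud": APP2_AUD, "azp": "app4-id-placeholder"}
USER_TOKEN = {"aud": APP2_AUD, "scp": "user_impersonation", "roles": [ROLE]}

if __name__ == "__main__":
    cases = [
        ("App1 -> App2", APP1_TO_APP2, APP2_AUD),
        ("App1 -> App3", APP1_TO_APP3, APP3_AUD),
        ("App1's App2 token replayed to App3", APP1_TO_APP2, APP3_AUD),
        ("App4 -> App2 before role assignment", APP4_NO_ROLE, APP2_AUD),
        ("user token -> App2", USER_TOKEN, APP2_AUD),
    ]
    for label, claims, audience in cases:
        print(label, authorize_app_call(claims, audience, ROLE))
```

With this check in place, letting App4 call App2 later is a matter of assigning App4 the app role on App2; App2's code does not change.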