Applies to: Workforce tenants External tenants (learn more)
A web API that calls downstream web APIs has the same registration as a protected web API. Follow the instructions in Protected web API: App registration.
Because the web app now calls web APIs, it becomes a confidential client application. That's why extra registration information is required: the app needs to share secrets (client credentials) with the Microsoft identity platform.
Add a client secret or certificateAs with any confidential client application, you need to add a secret or certificate to act as that application's credentials so it can authenticate as itself, without user interaction.
You can add credentials to your client app's registration by using the Azure portal or by using a command-line tool like PowerShell.
Add client credentials by using the Azure portalTo add credentials to your confidential client application's app registration, follow the steps in Quickstart: Register an application with the Microsoft identity platform for the type of credential you want to add:
Add client credentials by using PowerShellAlternatively, you can add credentials when you register your application with the Microsoft identity platform by using PowerShell.
The active-directory-dotnetcore-daemon-v2 code sample on GitHub shows how to add an application secret or certificate when registering an application:
Web apps call APIs on behalf of users for whom the bearer token was received. The web apps need to request delegated permissions. For more information, see Add permissions to access your web API.
Next stepsMove on to the next article in this scenario, App Code configuration.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4