how to authenticate azure ad oauth2.0 web api in b2c clients
Question
I have created a azure function app as httprequest (web api https://ph-bde-uat-ptsocfunapp.azurewebsites.net/api/Quote ) and deployed in azure. Now I added oauth2.0 azure ad authentication and I am able to authenticate the api using postman with microsoft MFA. but how a third party clients will be authenticated this api in their Apps. (here the client app is developed using ruby).
I tried using azured ad oauth2.0 authentication with client id, client secret, authorize token, validate token and callback url and scope. but now I want this api to be authenticated using any 3rd party application. how we can authenticate the api in client apps or server to server authentication without user name and password.
1 answers
solution1
0 2022-12-10 19:28:07
For server-to-server, use the client credentials flow.
"The OAuth 2.0 client credentials grant flow permits an app (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling web resource, such as REST API. This type of grant is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. These types of applications are often referred to as daemons or service accounts."
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.