Known Client Application and Authorized Client Application


I'm following this tutorial for implementing the on-behalf-of flow with Microsoft Identity Platform. Specifically, it mentions that in my backend server I should add my React app as a known client application in the manifest. I've done this and it seems to be working. But I also see in the Azure portal under "Expose an API" that I can add an "Authorized client application", and the description is "Authorizing a client application indicates that this API trusts the application and users should not be asked to consent when the client calls this API." This sounds very similar to the description for adding a known client application.

Adding a known client application to the manifest does not automatically add the same client as an Authorized client, so I'm led to believe they are separate things. Can anyone shed light on the differences?


Rukmini

Note: When you add a client application as an Authorized client application, it means that the client application is trusted by the API, and it skips asking users for permission to use the API directly.

In a single-tenant scenario, if the ClientApp is added as an Authorized client application, then the user will be able to log in directly without providing any consent when the ServerApp API is called by the ClientApp.

I used the endpoint below to authorize the user, and the user is logged in directly without providing consent:

    https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
    client_id=ClientID
    &response_type=code
    &redirect_uri=https://jwt.ms
    &response_mode=query
    &scope=api://ServerAppID/test.read
    &state=12345

Note: Known client applications tell the server to trust certain client requests, like when one app talks to another on behalf of a user.

You can update the known client application in the manifest as shown in the screenshot (omitted here).

  • A known client application shows the combined consent of the OAuth permission scopes required by the client and the resource. Refer to this MsDoc.
  • In a multi-tenant scenario, if the application wants to access another application/API, that application/API's service principal should be present in the tenant. In this case we can define the client as a known client application.

References:

Authorized client applications by Joy Wang

Known client applications by JoonasW
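To make the distinction the answer draws concrete, here is an added example (not from the question, the answer, or Microsoft's own tooling) that audits an exported app-registration manifest and reports whether a given client is a Known client application (`knownClientApplications`) and/or an Authorized client application (`preAuthorizedApplications`) for a particular scope, then builds the same authorize request the answer uses. The manifest, app IDs and scope IDs are constructed for the example; it reads the legacy Azure AD Graph manifest layout (top-level `knownClientApplications`, `preAuthorizedApplications` with `permissionIds`, `oauth2Permissions`) and falls back to the Microsoft Graph layout (everything under `api`, with `delegatedPermissionIds` and `oauth2PermissionScopes`), which is an assumption about the two export formats rather than something the page states.

```python
import json
from urllib.parse import urlencode

# Constructed sample: the backend (ServerApp) manifest, legacy Azure AD Graph
# format. The GUIDs and scope names are invented for this example.
CLIENT_APP_ID = "22222222-2222-2222-2222-222222222222"   # the React app
SERVER_APP_ID = "11111111-1111-1111-1111-111111111111"   # the API
SERVER_APP_MANIFEST = json.loads("""
{
  "appId": "11111111-1111-1111-1111-111111111111",
  "identifierUris": ["api://11111111-1111-1111-1111-111111111111"],
  "knownClientApplications": ["22222222-2222-2222-2222-222222222222"],
  "oauth2Permissions": [
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "test.read",  "type": "User"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "test.write", "type": "User"}
  ],
  "preAuthorizedApplications": [
    {"appId": "22222222-2222-2222-2222-222222222222",
     "permissionIds": ["aaaaaaaa-0000-0000-0000-000000000001"]}
  ]
}
""")


def _api_section(manifest):
    # Microsoft Graph-format manifests nest these properties under "api".
    return manifest.get("api", {})


def scope_ids_by_value(manifest):
    """Map scope value (e.g. 'test.read') -> scope id, for either manifest format."""
    scopes = manifest.get("oauth2Permissions") or _api_section(manifest).get("oauth2PermissionScopes", [])
    return {s["value"]: s["id"] for s in scopes}


def known_clients(manifest):
    """App IDs listed as Known client applications."""
    return set(manifest.get("knownClientApplications")
               or _api_section(manifest).get("knownClientApplications", []))


def preauthorized_scopes(manifest, client_id):
    """Scope values the API pre-authorizes (Authorized client application) for client_id."""
    entries = (manifest.get("preAuthorizedApplications")
               or _api_section(manifest).get("preAuthorizedApplications", []))
    id_to_value = {sid: val for val, sid in scope_ids_by_value(manifest).items()}
    granted = set()
    for entry in entries:
        if entry.get("appId") != client_id:
            continue
        for pid in entry.get("permissionIds") or entry.get("delegatedPermissionIds") or []:
            if pid in id_to_value:       # ignore IDs of scopes that no longer exist
                granted.add(id_to_value[pid])
    return granted


def consent_expectation(manifest, client_id, scope_value):
    """
    What the user should see when client_id requests api://<ServerApp>/<scope_value>:
      'preauthorized' - client is an Authorized client application for this scope:
                        no consent prompt for it (the behaviour the answer shows).
      'known_client'  - client is only a Known client application: a combined
                        consent prompt for the client's and the API's scopes.
      'neither'       - the normal consent prompt for the requested scope.
    Raises ValueError for a scope the API does not expose, since a request for it
    fails at the authorize endpoint regardless of either list.
    """
    if scope_value not in scope_ids_by_value(manifest):
        raise ValueError(f"{scope_value!r} is not exposed by this API")
    if scope_value in preauthorized_scopes(manifest, client_id):
        return "preauthorized"
    if client_id in known_clients(manifest):
        return "known_client"
    return "neither"


def authorize_url(tenant_id, client_id, api_app_id, scope_value,
                  redirect_uri="https://jwt.ms", state="12345"):
    """The v2.0 authorize request from the answer, URL-encoded. In real code `state`
    must be an unguessable per-request value, not a constant."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": f"api://{api_app_id}/{scope_value}",
        "state": state,
    }
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?" + urlencode(params)


if __name__ == "__main__":
    for scope in ("test.read", "test.write"):
        print(scope, "->", consent_expectation(SERVER_APP_MANIFEST, CLIENT_APP_ID, scope))
    print(authorize_url("TenantID", CLIENT_APP_ID, SERVER_APP_ID, "test.read"))
```

Run against the constructed manifest, `test.read` reports `preauthorized` (the client is in both lists, and pre-authorization is what removes the prompt) while `test.write` reports `known_client`, because being a known client does not by itself pre-authorize any scope; that is exactly why adding the client to the manifest's `knownClientApplications` did not make it appear under Authorized client applications in the portal.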