2

I found that to authorize the applications I can also add a client application in App registration>{my api}>Expose an API. I tried this method and the method mentioned here:

API Permission Issue while Azure App Registration

both work, What is the difference ? Is one better than the other?

enter image description here

Nik
  • 53
  • 1
  • 6
  • Can you make your question more clear? – Md Farid Uddin Kiron Jul 18 '19 at 16:25
  • The whole "API Permission" thing confused me - I thought it was the maximum scope that the app could be granted, however it is the minimum because Azure allows "dynamic" permissions - any app can request any scope and if a user or admin has granted (some scopes are Admin-only) it then the app is given an access token with that scope! – camios May 05 '22 at 05:11

1 Answers1

3

If you add your client app in Authorized client applications, when your client calls the API, they will not need to consent. If you use another way, after you add the Delegated permission/Application permission, the user needs to consent to the application(if the permission is admin-consent needed, you need to use admin consent).

enter image description here

The one is not better than the other, they meet different requirements. As the statement said, if you want this API trusts the application, you could add your client to the Authorized client applications, then users will not be asked to consent when the client calls this API.

For more details about consenting to applications, see this link.

Joy Wang
  • 39,905
  • 3
  • 30
  • 54