What is a Resource Server in Azure AD, and what is its key function?
A Resource Server hosts the data and exposes an API to access it.
What is the difference between confidential clients and public clients?
Confidential clients can keep secrets (e.g., web servers), while public clients cannot keep secrets (e.g., browser apps, native apps).
Explain what a Service Principal is in Azure AD.
A Service Principal is the local representation of an app in each tenant that uses the application, handling management, consent tracking, and scope configuration.
How can admins configure user consent settings in Azure AD?
Admins can control which users can consent to new apps and can pre-consent on behalf of all users in the tenant.
What occurs when a different tenant wants to use a multi-tenant app?
The initial user or enterprise admin in the new tenant consents, causing Azure AD to create a Service Principal in the tenant that references the original app object.
Define 'client registration' in the OAuth2 process.
Client registration involves registering an application with the authorization server; the application receives a client ID and, optionally, a secret or certificate.
Where can you find the list of Service Principals for apps within a tenant?
Service Principals are listed under 'Enterprise Applications' in Azure AD.
What is created during app registration in Azure AD?
A globally unique Client ID is created, and the application can be configured as single or multi-tenant.
Describe the purpose of Scopes in OAuth2.
Scopes define the permissions or actions that can be performed on the data, such as read, write, or send.
When is a Service Principal automatically created in Azure AD?
A Service Principal is created automatically upon user or tenant consent to use an application.
What is the relationship between App Registration and Service Principal in Azure AD?
App Registration creates a globally unique app object, while Service Principals are created in each tenant that uses the app, representing it locally.
What is the purpose of a refresh token?
A refresh token is used to obtain new access tokens without requiring the user to re-authenticate.
What does the Authorization Server do in the context of OAuth2 and OpenID Connect?
The Authorization Server authenticates and authorizes the Resource Owner, using OAuth2 for authorization and OpenID Connect for authentication.
How does an access token function in the OAuth2 flow?
An access token is used to access the Resource Server on behalf of the user.
What is the role of the Resource Owner in the Azure AD context?
The Resource Owner holds the data, such as emails, pictures, and address books.