

What is the exact difference between native app and web app in Azure Active Directory


When we register an application in Azure Active Directory to use the Graph API, I see there are two types of application: Web application and Native application.
While creating a web application, two values are requested: 1. Sign-on URL and 2. App ID URL. What is the use of these values? Do we require a real-world URL, or is https://localhost:randomPort enough?
On the other hand, while creating a Native application, I can see only one required value, 'Redirect URL'.
I can obtain an access token for the web application using a REST call:
POST https://login.microsoftonline.com/<tenant-id>/oauth2/token
grant_type client_credentials
client_id (the client ID of the calling service application in the AD)
client secret (the key configured in the calling service application in the AD)
resource https://graph.windows.net
But how can I obtain an access token for a native app using such a REST call? There is no client secret for a native application.
Coming to permissions: for the native app, I can see only the delegated permissions option, while for the web app I can see the application permissions option as well as the delegated permissions option.
One more thing: the above REST call example authenticates the application. How can I authenticate a user with his credentials using a REST call?
Native applications are public clients in OAuth2 parlance. Those apps are meant to run on a device and aren't trusted to maintain a secret - hence, their entry in the directory does not have the corresponding property. Without a secret, there is no way to assert the identity of the app - hence such apps cannot gain app level permissions and the portal UX reflects that.
Conversely, web apps are, again in OAuth2 parlance, confidential clients. They can get delegated tokens for their users, but they can also use client credentials to get tokens as themselves.
Native apps can obtain tokens for the user via the OAuth2 authorization grant. You can find a complete overview of all supported topologies at https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/. Each scenario description points to more implementation-oriented guidance.
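The two token requests the answer contrasts, built side by side as an added example that is not part of the original answer: the confidential client sends its secret, while the public client redeems an authorization code and sends none. The `/oauth2/authorize` endpoint is the Azure AD v1 counterpart of the `/oauth2/token` call in the question; the client IDs, the redirect URI `http://localhost:8400` and the sample code value are constructed placeholders, and no network call is made.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com"
RESOURCE = "https://graph.windows.net"  # resource used in the question


def client_credentials_request(tenant, client_id, client_secret):
    """Confidential client (web app): the app authenticates as itself."""
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "resource": RESOURCE}
    return f"{AUTHORITY}/{tenant}/oauth2/token", urlencode(body)


def authorize_url(tenant, client_id, redirect_uri, state):
    """Public client (native app), step 1: send the user to sign in."""
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "resource": RESOURCE, "state": state}
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?{urlencode(query)}"


def code_from_redirect(redirected_to, expected_state):
    """Step 2: take the code from the redirect, rejecting errors and a
    state value that does not match the one this app generated."""
    params = parse_qs(urlparse(redirected_to).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if params.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: response is not for this request")
    return params["code"][0]


def code_redemption_request(tenant, client_id, redirect_uri, code):
    """Step 3: redeem the code. No client_secret: a native app has none."""
    body = {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": redirect_uri, "resource": RESOURCE}
    return f"{AUTHORITY}/{tenant}/oauth2/token", urlencode(body)


if __name__ == "__main__":
    redirect = "http://localhost:8400"  # constructed redirect URI
    state = secrets.token_urlsafe(16)
    print(authorize_url("<tenant-id>", "native-app-id", redirect, state))
    # Constructed redirect, in the shape the sign-in page sends back:
    back = f"{redirect}/?code=SAMPLE_CODE&state={state}"
    code = code_from_redirect(back, state)
    print(code_redemption_request("<tenant-id>", "native-app-id", redirect, code))
```

The token that comes back from the code redemption carries the signed-in user's delegated permissions, which is why the portal offers only delegated permissions for native apps.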
