What is the exact difference between native app and web app in Azure Active Directory
When we register an application in the Azure Active Directory for using graph api, I see there are two types of application Web application and Native application. While creating web application there are two values requested 1. Sign-on URL and 2. App ID url. What is the use of these values ? Do we required real world url or just https://localhost:randomePort enough ? On the other hand while creating Native application, I can see only one required value 'Redirect URL'. I can obtain access token for web application using REST call POST https://login.microsoftonline.com/<tenant-id>/oauth2/token grant_type client_credentials client_id (the client ID of the calling service application in the AD) client secret (the key configured in the calling service application in the AD) resource https://graph.windows.net But how can I obtain access token for native app using such REST call ? because there is not client secret for native appliction Coming to permissions, for the native app, I can see only delegated permissions option available while for web app I can see application permission as well as delegated permissions option. One more thing, above REST call example authenticates application, How can I authenticate user using his credential using REST call ?
Native applications are public clients in OAuth2 parlance. Those apps are meant to run on a device and aren't trusted to maintain a secret - hence, their entry in the directory does not have the corresponding property. Without a secret, there is no way to assert the identity of the app - hence such apps cannot gain app level permissions and the portal UX reflects that. Conversely web apps are, again in OAuth2 parlance, confidential clients. They can get delegated tokens for their users, but they can also use client credentials to get tokens as themselves. Native apps can obtain tokens for the user via the OAuth2 authorization grant. You can find a complete overview of all supported topologies at https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/. Each scenario description point to more implementation oriented guidance.
Cannot export a BACPAC from SQL Azure — ExtAuth_Key10 is not supported in Microsoft Azure SQL Database v12
Azure Portal - AD Group Members only lists first 100 members
Azure IoT hub simple publish-subcribe communication
Request.IsAuthenticated returning false when two applications connecting to Azure AD
Azure Log Stream not Logging
Move files between azure file share and blob
Adding additional NICs to a Virtual Machine in Azure?
Is Azure Blob storage the right place to store many (small) communication logs?
Azure Data Factory - Use GetRunRecord(runid) to get complete Error Details
Azure Stream Analytics: Specified cast is not valid
Azure AD Connect in two Office 365 tenants
Get Active Directory Value from external AD
DocumentDB how to reduce RU's for request
Azure AD Enterprise application not showing 'automatic' provisioning mode
Wildcards in counter specifiers in Azure Diagnostic
Azure-Functions: How to serve content from the root of domain