AAD V2端点注册的应用程序似乎可以访问受保护的API [英] AAD V2 endpoint registered applications appear to have access to protected API's

问题描述

对于已注册的应用程序应如何访问受AAD保护的API，我们有些困惑.

We are a little confused on how registered applications should have access to API's protected by AAD.

我们已经创建了一个Web API，并将其注册在apps.dev.microsoft.com上.我们为此创建了一个范围，供其他客户端应用程序访问它. (api://< guid>/)

We have created a web API and registered it on apps.dev.microsoft.com. We created a scope for it for other client applications to access it. (api://<guid>/)

看来，我们在域中注册的所有带有机密的应用程序都可以访问此API，而无需使用以下应用程序(客户端ID-机密)以及api://< guid>格式的API范围来明确授予访问权限. /.default

It appears that any application with secret we register in our domain can access this API without specifically granting access by using the applications - client id - secret - and scope of the API with the format of api://<guid>/.default

这是真的吗?

推荐答案

如果您在V2.0端点上注册了应用程序，请查看此链接以获取详细信息.

If you registered your application with the V2.0 endpoint, check this link for detailed information.

https://docs.microsoft.com/zh-cn/azure/active-directory/develop/quickstart-v2-register-an-app

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-register-an-app

这篇关于AAD V2端点注册的应用程序似乎可以访问受保护的API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！