Reputation: 65
I have 2 services, let's say A and B, configured as web apps in Azure. B needs a JWT bearer token to return a value. So when we try to call B from A, we include the JWT bearer token in the HTTP call from A using the Client Credential Grant flow explained here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow
Now the AAD registration of service B doesn't have localhost as its reply URL, but I noticed that I was able to talk to it from localhost. So does AAD not respect reply URLs in the client credential grant flow?
My understanding of reply URLs is this:
“In the case of a web API or web application, the Reply URL is the location to which Azure AD will send the authentication response, including a token if the authentication was successful.”
I'm using the AuthorizationContext.AcquireTokenAsync() method with the client credentials of App A and the resource id of App B. So it should not return the token to me on localhost, because it's not configured?
Upvotes: 0
Views: 576
Reputation: 58733
Now the AAD registration of service B doesn't have localhost as its reply URL, but I noticed that I was able to talk to it from localhost. So does AAD not respect reply URLs in the client credential grant flow?
No, reply URLs define the destinations where AAD can send tokens after a user authenticates. In the client credentials flow, the tokens are sent in a response to a request from a program. So they do not matter.
Upvotes: 1
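A simplified model of the two flows, added here as an illustration; it is not part of the answer above and not Azure AD's own code. The app IDs, secrets, URLs and function names are constructed, and the model identifies the resource by app name rather than by a real resource id.

```python
import hmac

# Constructed app registrations; neither lists localhost as a reply URL.
REGISTRATIONS = {
    "app-a": {"secret": "constructed-secret-a",
              "reply_urls": {"https://a.example.com/signin"}},
    "app-b": {"secret": "constructed-secret-b",
              "reply_urls": {"https://b.example.com/signin"}},
}

class OAuthError(Exception):
    pass

def authorize(client_id, redirect_uri, user_authenticated):
    """Interactive flow: the response travels via a browser redirect,
    so the destination is checked against the registered reply URLs."""
    app = REGISTRATIONS.get(client_id)
    if app is None:
        raise OAuthError("unknown client")
    if redirect_uri not in app["reply_urls"]:
        raise OAuthError("reply URL mismatch")
    if not user_authenticated:
        raise OAuthError("login required")
    return redirect_uri + "?code=constructed-auth-code"  # 302 Location

def token_client_credentials(form):
    """Client credentials flow: a direct POST; the token is returned in the
    body of the HTTP response, so no reply URL is consulted. The caller is
    authenticated by its secret, wherever it runs."""
    if form.get("grant_type") != "client_credentials":
        raise OAuthError("unsupported grant type")
    app = REGISTRATIONS.get(form.get("client_id", ""))
    supplied = form.get("client_secret", "").encode()
    if app is None or not hmac.compare_digest(supplied, app["secret"].encode()):
        raise OAuthError("invalid client")
    if form.get("resource") not in REGISTRATIONS:
        raise OAuthError("unknown resource")
    return {"token_type": "Bearer", "resource": form["resource"],
            "access_token": "constructed-token"}

def demo():
    """Service A, run from a developer machine, asks for a token for B."""
    token = token_client_credentials({
        "grant_type": "client_credentials", "client_id": "app-a",
        "client_secret": "constructed-secret-a", "resource": "app-b"})
    try:
        authorize("app-b", "http://localhost:5000/", user_authenticated=True)
        redirect_result = "redirected"
    except OAuthError as exc:
        redirect_result = str(exc)
    return token["resource"], redirect_result
```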