Reputation: 11
Are multiple App Registrations on Azure for SPA and web API necessary?
Are multiple App Registrations on Azure for SPA and web API necessary? I am making a SPA and API server by following this sample.
Here, I had to register multiple applications on Azure. Can this be done by using only a single app registration?
Upvotes: 1
Views: 650
Answers (1)
Reputation: 58733
It isn't necessary and you can use a single app registration. There used to be a restrictions in app registrations that made it so you basically had to make an app for each piece. Now you can even add all of the platforms under the one app registration.
I think you cannot restrict the delegated permissions/scopes used by the front-end against your back-end. Since they are the same app from AAD point of view, it can use whatever scopes it wants. This may or may not matter to you.
Another potential scenario to look out for is if you apply delegated permissions to the app registration and you only intend to utilize them from your back-end through the on-behalf-of flow. It is also possible for them to be used from the front-end by a crafty user. Of course the user info in the tokens is the same in both cases.
Upvotes: 1
Related Questions
- Setup SPA Frontend and Backend as separate Azure AD App Registrations
- Azure AD auth - calling web api (multi-tenant) with organizations token fails
- Azure App Proxy and SPA application using MSAL causes:AADSTS9002326: Cross-origin token redemption is permitted only for the 'Single-Page Application'
- Azure AD Application can have SPA or Web App or we can have both?
- Azure AD Authentication with .NET Core Web API
- .NET Core 3.1 SPA + web API with Azure AD error on Authorize
- Secure an Azure app service (REST API) using Azure AD
- Options for SPA Angular Applications authentication with Azure AD and ADAL.
- Application access permission via App Registrations, Users and Groups, Azure Active Directory
- How many app registrations do I need in my Azure AD tenant