You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/develop/authentication-scenarios.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,13 +58,13 @@ Applications can use claims for various tasks such as:
58
58
* Displaying user information
59
59
* Determining the subject's authorization
60
60
61
-
A claim consists of key-value pairs that provide information such as:
61
+
A claim consists of key-value pairs that provide information such as the:
62
62
63
-
*the Security Token Server that generated the token
64
-
*the date when the token was generated
65
-
*the subject, such as the user (except for daemons)
66
-
*the audience, which is the app for which the token was generated
67
-
*the app (the client) that asked for the token. In the case of web apps, this may be the same as the audience
63
+
* Security Token Server that generated the token
64
+
*Date when the token was generated
65
+
*Subject (such as the user--except for daemons)
66
+
*Audience, which is the app for which the token was generated
67
+
*App (the client) that asked for the token. In the case of web apps, this may be the same as the audience
68
68
69
69
For more detailed claim information, see [access tokens](access-tokens.md) and [ID tokens](id-tokens.md).
70
70
@@ -80,11 +80,11 @@ Applications can sign in users themselves or delegate sign-in to an identity pro
80
80
81
81
For an identity provider to know that a user has access to a particular app, both the user and the application must be registered with the identity provider. When you register your application with Azure AD, you are providing an identity configuration for your application that allows it to integrate with Azure AD. Registering the app also allows you to:
82
82
83
-
*customize the branding of your application in the sign-in dialog. This is important because this is the first experience a user will have with your app.
84
-
*decide if you want to let users sign in only if they belong to your organization. This is a single tenant application. Or allow users to sign in using any work or school account. This is a multi-tenant application. You can also allow personal Microsoft accounts, or a social account from LinkedIn, Google, and so on.
85
-
*request scope permissions. For example, you can request the "user.read" scope, which grants permission to read the profile of the signed-in user.
86
-
*define scopes that define access to your Web API. Typically, when an app wants to access your API, it will need to request permissions to the scopes you define.
87
-
*share a secret with Azure AD that proves the app's identity to Azure AD. This is relevant in the case where the app is a confidential client application. A confidential client application is an application that can hold credentials securely. They require a trusted backend server to store the credentials.
83
+
*Customize the branding of your application in the sign-in dialog. This is important because this is the first experience a user will have with your app.
84
+
*Decide if you want to let users sign in only if they belong to your organization. This is a single tenant application. Or allow users to sign in using any work or school account. This is a multi-tenant application. You can also allow personal Microsoft accounts, or a social account from LinkedIn, Google, and so on.
85
+
*Request scope permissions. For example, you can request the "user.read" scope, which grants permission to read the profile of the signed-in user.
86
+
*Define scopes that define access to your Web API. Typically, when an app wants to access your API, it will need to request permissions to the scopes you define.
87
+
*Share a secret with Azure AD that proves the app's identity to Azure AD. This is relevant in the case where the app is a confidential client application. A confidential client application is an application that can hold credentials securely. They require a trusted backend server to store the credentials.
88
88
89
89
Once registered, the application will be given a unique identifier that the app shares with Azure AD when it requests tokens. If the app is a [confidential client application](https://docs.microsoft.com/azure/active-directory/develop/developer-glossary#client-application), it will also share the secret or the public key*-depending on whether certificates or secrets were used.
0 commit comments