You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/develop/scenario-desktop-app-registration.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,35 +27,35 @@ This article contains the app registration specificities for a desktop applicati
27
27
28
28
## Supported accounts types
29
29
30
-
The account types supported in desktop application depend on the experience you want to light-up, and therefore on the flows you want to use.
30
+
The account types supported in desktop application depend on the experience that you want to light up. Because of this relationship, the supported account types depend on the flows that you want to use.
31
31
32
32
### Audience for interactive token acquisition
33
33
34
-
If your desktop application uses interactive authentication, you can sign in users from any [account type](quickstart-register-app.md#register-a-new-application-using-the-azure-portal)
34
+
If your desktop application uses interactive authentication, you can sign in users from any [account type](quickstart-register-app.md#register-a-new-application-using-the-azure-portal).
35
35
36
36
### Audience for desktop app silent flows
37
37
38
-
- If you intend to use Integrated Windows authentication or username/password, your application needs to sign in users in your own tenant (LOB developer), or in Azure Active directory organizations (ISV scenario). These authentication flows aren't supported for Microsoft personal accounts
39
-
- If you want to use the Device code flow, you can't sign in users with their Microsoft personal accounts yet
38
+
- If you intend to use Integrated Windows authentication or username/password, your application needs to sign in users in your own tenant (LOB developer), or in Azure Active directory organizations (ISV scenario). These authentication flows aren't supported for Microsoft personal accounts.
39
+
- If you want to use the Device code flow, you can't sign in users with their Microsoft personal accounts yet.
40
40
- If you sign in users with social identities passing a B2C authority and policy, you can only use the interactive and username-password authentication.
41
41
42
42
## Redirect URIs
43
43
44
44
Again the redirect URIs to use in desktop application will depend on the flow you want to use.
45
45
46
-
- If you're using the **interactive authentication** or **Device Code Flow**, you'll want to use `https://login.microsoftonline.com/common/oauth2/nativeclient`. You'll achieve this configuration by clicking the corresponding URL in the **Authentication** section for your application
46
+
- If you're using the **interactive authentication** or **Device Code Flow**, you'll want to use `https://login.microsoftonline.com/common/oauth2/nativeclient`. You'll achieve this configuration by clicking the corresponding URL in the **Authentication** section for your application.
47
47
48
48
> [!IMPORTANT]
49
49
> Today MSAL.NET uses another Redirect URI by default in desktop applications running on Windows (`urn:ietf:wg:oauth:2.0:oob`). In the future we'll want to change this default, and therefore we recommend that you use `https://login.microsoftonline.com/common/oauth2/nativeclient`
50
50
51
51
- If your app is only using Integrated Windows authentication, Username/Password, you don't need to register a redirect URI for your application. Indeed, these flows do a round trip to the Microsoft identity platform v2.0 endpoint and your application won't be called back on any specific URI.
52
-
- In order to distinguish Device Code Flow, Integrated Windows Authentication and Username/Password from a confidential client application flow, which doesn't have redirect URIs either (the client credential flow used in daemon applications), you need to express that your application is a public client application. This configuration is achieved by going to the **Authentication** section for your application, and in the **Advanced settings** subsection, choose **Yes**, to the question **Treat application as a public client** (in the **Default client type** paragraph)
52
+
- In order to distinguish Device Code Flow, Integrated Windows Authentication and Username/Password from a confidential client application flow, which doesn't have redirect URIs either (the client credential flow used in daemon applications), you need to express that your application is a public client application. This configuration is achieved by going to the **Authentication** section for your application, and in the **Advanced settings** subsection, choose **Yes**, to the question **Treat application as a public client** (in the **Default client type** paragraph).
53
53
54
54
55
55
56
56
## API permissions
57
57
58
-
Desktop applications call APIs on behalf of the signed-in user. They need to request delegated permissions. They can't request application permissions (which are only handled in [daemon applications](scenario-daemon-overview.md))
58
+
Desktop applications call APIs on behalf of the signed-in user. They need to request delegated permissions. They can't request application permissions (which are only handled in [daemon applications](scenario-daemon-overview.md)).
0 commit comments