You are developing an Azure App Service web app. The web app calls an API to retrieve the current weather conditions in JSON format. The web app and API are secured by using Azure Active Directory (Azure AD). You need to implement an authenticated request from the web app to the API. What should you use? Select only one answer.

- The implicit authentication flow
- The authorization code authentication flow
- The on-behalf-of authentication flow
- The client credentials authentication flow
- Use the device code authentication flow



Answer:

To implement an authenticated request from the web app to the API in this scenario, you should use the on-behalf-of authentication flow.

The on-behalf-of flow allows a resource owner (in this case, the web app) to request access to a protected resource (the API) on behalf of a user, using an access token obtained for the user. This flow involves three parties: the user, the resource owner (web app), and the resource (API).

The first step in this flow is for the user to authenticate with Azure AD and obtain an access token for the web app. The web app can then use this token to request an access token for the API on behalf of the user, by sending the token to the Azure AD token issuance endpoint and including the necessary parameters in the request. The Azure AD token issuance endpoint will then validate the token and, if it is valid, will issue a new access token for the API.

The other authentication flows listed in the question (implicit, authorization code, client credentials, and device code) can also be used for authenticated requests in different scenarios, but they are not suitable for this specific scenario where the web app needs to request access to the API on behalf of a user.
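The token exchange described in the answer above, as an added example that is not part of the original answer: it builds the form the web app would POST to the Microsoft identity platform v2.0 token endpoint for the on-behalf-of grant, after checking that the user's token was issued to the web app and has not expired. The tenant, client ID, secret and scope values are constructed placeholders, and signature validation of the incoming token is assumed to have been done by the app's authentication middleware.

```python
import base64
import json
import time

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def jwt_claims(token):
    """Decode a compact JWT's payload. Does NOT verify the signature:
    this sketch assumes the web app's auth middleware already did."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def build_obo_request(tenant, client_id, client_secret, user_token, api_scope, now=None):
    """Return (url, form) for the on-behalf-of exchange, refusing tokens
    that were not issued to this web app or have expired."""
    claims = jwt_claims(user_token)
    now = time.time() if now is None else now
    # Assumption: accept the bare client ID or its api:// App ID URI as audience.
    if claims.get("aud") not in (client_id, "api://" + client_id):
        raise PermissionError("token audience is not this application")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token has expired")
    form = {
        "grant_type": OBO_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": user_token,           # the user's token for the web app
        "scope": api_scope,                # permission on the downstream API
        "requested_token_use": "on_behalf_of",
    }
    return TOKEN_URL.format(tenant=tenant), form


def constructed_token(claims):
    """Build an unsigned sample JWT for the demo (constructed, not a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    tok = constructed_token({"aud": "webapp-client-id", "exp": 2000})
    url, form = build_obo_request("contoso-tenant", "webapp-client-id", "placeholder-secret",
                                  tok, "api://weather-api/.default", now=1000)
    print(url)
    print({k: v for k, v in form.items() if k not in ("client_secret", "assertion")})
```

The access token in the endpoint's response is what the web app then sends to the API as a bearer token.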
