From what I can see clients can only authenticate to API apps interactively. This, like others said, makes automated authentication difficult. It would be great to support certificate authentication, much like the Azure Management API does, i.e. https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert
Thank you for your feedback!
For the time being you can use service principle auth to programmatically authenticate with an API if you are using AAD auth. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-service-principal-auth
We would like to add general cert auth to App Service authentication/authorization in the future. I am placing this item in “unplanned” to be used in future planning sessions.
Azure App Service Team
Rafa Sanchez commented
There has been some progress on this issue?
We are developing a windows service application, it uses Microsoft Graph in order to do some operations into a domain: CRUD users, Calendar, Mail, OneDrive.
We can do those operations correctly using interactive authentication/Authorization with an administrator user to the Azure AD domain asociated to the Office365 account.
But we need to do this in daemon mode, by using a certificate, like this example: https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential
We try to do this using portal.azure.com, creating a certificate and modifying Manifesto (inserting appropiate keys into "keyCredentials").
But after obtain an Access Token, when doing the request to operation (for example, send a mail) the response obtained was " Access is denied. Check credentials and try again."
We don't have an Azure subscription, only an Office365 for developer subscription. The final product must work using an Office365 Education license.