Allow App Owners to approve permission requests to their own application
We would like to use Azure AD as our authentication and authorization framework for all APIs, however, one issue we believe we have run into is the requirement that an Administrator must approve all Application only requests (vs the expected below).
Our company has two app registrations
- Business API 1
- Scope: Feature.Critical (application role)
- Business API 2
Business API 2 requests Application only Feature.Critical permission of Business API 1.
The Azure AD App Owner(s) of Business API 1 are the SMEs for this permission knowing best what data and functionality may be released. The App Owner(s) should be able to manage the permission of its consumers and approve or deny the request from Business API 2.