I suggest you ...

Improve/align OAUTH2 documentation

AAD's manual describes the common grant flows used by OAUTH2; however, there are some problems with the documentation in my opinion.

If you implement applications you might experience that:

1) the ADAL documentation does not align with the AAD OAUTH2 manual, thus you may not know exactly which grant flow is behind the ADAL APIs, nor which ADAL APIs you have to use in order to use a particular OAUTH2 grant flow... or how to appropriately register an application in AAD for either scenario.

2) the terminology differs between the AAD OAUTH2 manual, the app registration portal itself, ADAL APIs and the OAUTH2 spec, i.e. Native/Web API vs Confidential and public clients.

3) There should be a stronger link between specific use cases and the appropriate grant flow/ADAL APIs. There are common use cases that are not described at all, i.e. daemon clients that cannot have the broad set of privileges that are offered when using client credential grant flow.

4) The AAD OAUTH2 manual is not always clear on which application type (native vs Web API) you need to register AND what the implications of this are.

1 vote
Sverre shared this idea