The standard, and in some cases the only supported, way of authenticating against services within the Microsoft ecosystem is the Azure Active Directory (Azure AD)/OAuth v2 approach. It is simple, yet obscure to many. Perhaps this guide will help to simplify things.
In short, to interact with the Microsoft identity platform, Azure Active Directory (Azure AD) must be made aware of the application you create (the one that needs to grant access).
This application is set up with permissions and client credentials within AAD. Clients then send access requests; AAD receives each request and issues a token, the token is sent to the application, and the application recognizes the token and grants access.
What is OAuth v2?
Otherwise known as OAuth2 or OAuth 2.0, it is the industry protocol for authorization. It allows a user to grant limited access to their protected resources.
OAuth 2.0 is directly related to OpenID Connect (OIDC). Every ISV, like Microsoft, can choose to implement this protocol in its own way. Microsoft does it via Azure Active Directory on its identity platform.
Microsoft Identity Platform
The Microsoft identity platform performs identity and access management (IAM) only for registered applications. Whether it's a client application like a web or mobile app, or it's a web API that backs a client app, registering it establishes a trust relationship between your application and the identity provider, the Microsoft identity platform.
Azure Active Directory
Azure Active Directory (Azure AD), part of, is an enterprise identity service that provides single sign-on and multifactor authentication. It is an identity provider. This is what facilitates the OAuth 2.0 implementation. The client apps will be registered here.
Resource Owner
This is the owner of the resource that is being requested at any point in time. This is usually an end-user. The end-user consents to or denies your app's request to access their data.
Resource Server
This is your application. The resource server hosts or provides access to a resource owner's data. Usually it also does this via an API. It relies on the tokens issued by the authorization server (AAD) and uses them to deny or grant access to the user.
How it all comes together
In my next post, we will explore implementing this in a typical Dataverse scenario, using it to access resources via the Web API.
That’s it.