Hi Community,
I registered an OData interface app in AAD, shared the client ID and app secret key with the developer, and registered the app in D365 with the client ID, but did not set up delegated permissions. Still, the app is working in the environment.
The environment is a Microsoft managed environment.
The app is an OData interface utilizing the OData endpoints of standard data entities where Is Public = "Yes".
Also, OData endpoints of standard/custom services can be consumed without assigning permissions to the app.
There are 2 links I could find:
1. Service endpoints:
Here it is mentioned to set up the delegated permission "ERP Permission" on the app:
Enter a name that identifies the external application that you're registering. For an application that will authenticate by using a shared secret, select Web app / API. In this context, the sign-on URL doesn't matter. Therefore, use localhost.
Select the new application, and copy the application ID. You will require the application ID later to request an Azure AD authentication token. Select Required permissions.
Select Add, and then select Select an API.
Select Microsoft Dynamics ERP (Microsoft.ERP). If you search Microsoft Dynamics ERP in the search field within Select an API it might appear to be greyed out. In that case, make sure you look for the full name as shown above.
Under Delegated permissions, you must select, at a minimum, the following options:
- Access Dynamics AX Custom Service
- Access Dynamics AX data
- Access Dynamics AX online as organization users
-> Sign-on URL: in this context the sign-on URL does not matter, so use localhost.
-> Need to set up ERP Permission.
2. Warehouse Mobile App:
Install and configure the warehouse app
Here every step is the same as in the service endpoints documentation, but 2 differences are present:
> Enter a name for the application and select Web application/web API. Enter the sign-on URL, which is your web app URL. This URL is the same as your deployment URL, but oauth is added to the end. Click Create.
-> Sign-on URL: https://AX-URL/oAuth
-> No specification of assigning a delegated permission set on the app.
So my question is, while registering a new app in the Azure portal, to confirm the scenarios:
1. When is it required to assign a permission set to the app in the Azure portal (as mentioned in the service endpoints documentation, assigning the delegated permission set to the app in the Azure portal)?
2. When is it not required to assign a permission set to the app in the Azure portal (e.g. for the Warehouse mobile application there are no steps mentioned in the document for assigning the permission set to the app)?
3. Does this sign-on URL make any difference while registering the app in the Azure portal?
4. What is the significance of assigning delegated permission to the app?
5. Why can some apps work without assigning the delegated permission, and why do some apps require delegated permission?
6. So if we want to utilize OData endpoints of a data entity, it is not required to set up permission on the app because they are public?
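The difference between the shared-secret registration in the first link and the delegated "ERP Permission" steps shows up in the access token itself. Added example (Python; not part of the original post and not Microsoft's code): it decodes two constructed, unsigned sample tokens and reports whether each carries delegated permissions (an `scp` claim plus a signed-in user) or is an app-only client-credentials token, which never carries delegated permissions; the resource URL, GUIDs, user name and scope names are assumed placeholders.

```python
import base64
import json

# Assumed placeholder for the D365 F&O resource URL the token is issued for.
D365_RESOURCE = "https://contoso.operations.dynamics.com"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(payload: dict) -> str:
    """Build a constructed, unsigned JWT so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(payload).encode())}."


def classify_token(token: str, expected_audience: str) -> dict:
    """Inspect the payload (no signature check: this is triage, not validation).

    Delegated flow (a user signed in): 'scp' lists the delegated permissions
    granted to the app and 'upn' names the user.
    App-only flow (client ID + secret, client credentials): no 'scp', no 'upn';
    application permissions, if any, appear in 'roles'. Delegated permissions
    configured in the portal never appear in an app-only token.
    """
    payload = json.loads(_b64url_decode(token.split(".")[1]))
    scopes = payload.get("scp", "").split()
    return {
        "audience_ok": payload.get("aud") == expected_audience,
        "flow": "delegated" if scopes else "app-only",
        "user": payload.get("upn"),
        "app_id": payload.get("appid"),
        "scopes": scopes,
        "roles": list(payload.get("roles", [])),
    }


# Constructed sample claims; GUID, user and scope names are placeholders.
APP_ONLY_TOKEN = make_unsigned_jwt({
    "aud": D365_RESOURCE, "appid": "11111111-1111-1111-1111-111111111111"})
DELEGATED_TOKEN = make_unsigned_jwt({
    "aud": D365_RESOURCE, "appid": "11111111-1111-1111-1111-111111111111",
    "upn": "integration.user@contoso.example",
    "scp": "AX.FullAccess Odata.FullAccess"})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY_TOKEN), ("delegated", DELEGATED_TOKEN)):
        print(name, classify_token(tok, D365_RESOURCE))
```

An audience mismatch or a missing `upn` on a token you expected to be user-delegated is the first thing to check when an integration works (or fails) regardless of the delegated permissions configured in the portal.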