App 1 calls app 2, so which SP credentials should we provide?

JA 111 Reputation points

Hi Team, I want to clear up one confusion.
We have an application which can be called by multiple apps.
So, in order to accomplish service-to-service authentication, which service principal should I use during authentication using the Java MSAL libraries?
Should the service principal credentials belong to the "caller application" or the "callee application"?
I see that in all samples the SP is hardcoded in property files. This shows that they belong to the "callee application", but in that case do we share the SP with all the calling applications?

And how about if we want to restrict a few applications?


Accepted answer
  1. Cristian SPIRIDON 4,466 Reputation points

    Hi JA-9673,

    You have to use the caller credentials. The authentication is performed against the identity endpoint, which checks if the caller is who it pretends to be and returns a token with specific claims.

    In the callee you can check the claims and allow/block access.

    Hope this helps!

    1 person found this answer helpful.
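The claim check on the callee side that the answer describes, as an added example that is not part of the original answer or of any Microsoft sample. It assumes a JWT library has already validated the token's signature, issuer and expiry and handed over the claims as a map; the audience, app role name and client IDs are constructed placeholders.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

public class CallerAuthorization {
    // Hypothetical values for the callee ("app 2"); replace with your own registration.
    static final String EXPECTED_AUDIENCE = "api://callee-app-placeholder";
    static final String REQUIRED_ROLE = "Callee.Access"; // hypothetical app role
    // Constructed client IDs of the caller applications that are allowed in.
    static final Set<String> ALLOWED_CALLERS = Set.of(
            "11111111-1111-1111-1111-111111111111",
            "22222222-2222-2222-2222-222222222222");

    /** Decides on claims taken from an access token that was already validated. */
    static boolean isCallerAllowed(Map<String, Object> claims) {
        // The token must have been issued for this API, not for some other resource.
        if (!EXPECTED_AUDIENCE.equals(claims.get("aud"))) {
            return false;
        }
        // v2.0 access tokens carry the caller's client ID in "azp", v1.0 tokens in "appid".
        Object caller = claims.containsKey("azp") ? claims.get("azp") : claims.get("appid");
        if (!(caller instanceof String) || !ALLOWED_CALLERS.contains(caller)) {
            return false; // unknown or restricted calling application
        }
        // App roles granted to the caller arrive in the "roles" claim.
        Object roles = claims.get("roles");
        return roles instanceof List && ((List<?>) roles).contains(REQUIRED_ROLE);
    }

    public static void main(String[] args) {
        // Constructed claim sets standing in for validated tokens.
        Map<String, Object> knownCaller = Map.of(
                "aud", EXPECTED_AUDIENCE,
                "azp", "11111111-1111-1111-1111-111111111111",
                "roles", List.of(REQUIRED_ROLE));
        Map<String, Object> restrictedCaller = Map.of(
                "aud", EXPECTED_AUDIENCE,
                "appid", "99999999-9999-9999-9999-999999999999",
                "roles", List.of(REQUIRED_ROLE));
        Map<String, Object> wrongAudience = Map.of(
                "aud", "api://some-other-api",
                "azp", "11111111-1111-1111-1111-111111111111",
                "roles", List.of(REQUIRED_ROLE));
        System.out.println("known caller:      " + isCallerAllowed(knownCaller));
        System.out.println("restricted caller: " + isCallerAllowed(restrictedCaller));
        System.out.println("wrong audience:    " + isCallerAllowed(wrongAudience));
    }
}
```

Each calling application authenticates with its own credentials, so the callee holds no shared secret and restricts callers by editing the allow-list or the role assignments.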
