App 1 calls app 2, so which SP credentials should we provide?

JA 131 Reputation points
2022-10-21T11:15:29.063+00:00

Hi Team, I want to clear up one confusion.
We have an application which can be called by multiple apps.
So in order to accomplish service-to-service authentication, which service principal should I use during authentication using the Java MSAL libraries?
Should the service principal credentials belong to the "caller application" or the "callee application"?
I see that in all samples, the SP is hardcoded in property files. This shows that they belong to the "callee application", but in that case do we share the SP with all the calling applications?

And how about if we want to restrict a few applications?

Microsoft Entra ID

Accepted answer
  1. Cristian SPIRIDON 4,476 Reputation points
    2022-10-23T13:20:49.223+00:00

    Hi JA-9673,

    You have to use the caller credentials. The authentication is performed against the identity endpoint, which checks whether the caller is who it pretends to be and returns a token with specific claims.

    In the callee you can check the claims and allow/block access.

    Hope this helps!

    1 person found this answer helpful.
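
The callee-side claim check described in the accepted answer, as an added example that is not part of the original thread or of any Microsoft sample. It assumes a JWT library has already validated the token's signature, issuer and lifetime; the audience, tenant ID, client IDs and role name are placeholders.

```java
import java.util.*;

public class CallerAuthorization {
    // Assumed placeholder values for the callee's own registration (not from the thread).
    static final String EXPECTED_AUDIENCE = "api://callee-app-id-placeholder";
    static final String EXPECTED_TENANT = "tenant-id-placeholder";
    static final String REQUIRED_ROLE = "Orders.Read.All"; // hypothetical app role
    static final Set<String> ALLOWED_CALLERS = Set.of("caller-a-client-id", "caller-b-client-id");

    /** Decide on claims from a token whose signature, issuer and expiry were already validated. */
    static boolean isCallerAllowed(Map<String, Object> claims) {
        // The token must have been issued for this API and by the expected tenant.
        if (!audienceMatches(claims.get("aud"))) return false;
        if (!EXPECTED_TENANT.equals(claims.get("tid"))) return false;
        // v2.0 access tokens carry the caller's client ID in "azp", v1.0 tokens in "appid".
        Object caller = claims.containsKey("azp") ? claims.get("azp") : claims.get("appid");
        if (!(caller instanceof String) || !ALLOWED_CALLERS.contains(caller)) return false;
        // App roles granted to the caller's service principal arrive in "roles".
        Object roles = claims.get("roles");
        return roles instanceof Collection && ((Collection<?>) roles).contains(REQUIRED_ROLE);
    }

    static boolean audienceMatches(Object aud) {
        if (aud instanceof String) return EXPECTED_AUDIENCE.equals(aud);
        return aud instanceof Collection && ((Collection<?>) aud).contains(EXPECTED_AUDIENCE);
    }

    public static void main(String[] args) {
        // Constructed sample claim sets, not real tokens.
        Map<String, Object> allowed = Map.of("aud", EXPECTED_AUDIENCE, "tid", EXPECTED_TENANT,
                "azp", "caller-a-client-id", "roles", List.of("Orders.Read.All"));
        Map<String, Object> unknownCaller = Map.of("aud", EXPECTED_AUDIENCE, "tid", EXPECTED_TENANT,
                "azp", "caller-z-client-id", "roles", List.of("Orders.Read.All"));
        Map<String, Object> noRole = Map.of("aud", EXPECTED_AUDIENCE, "tid", EXPECTED_TENANT,
                "appid", "caller-b-client-id");
        System.out.println("allowed caller: " + isCallerAllowed(allowed));
        System.out.println("unknown caller: " + isCallerAllowed(unknownCaller));
        System.out.println("missing role:   " + isCallerAllowed(noRole));
    }
}
```

Each caller keeps its own service principal credentials, so restricting an application means removing its client ID from the allowlist or withholding the app role, with no shared secret to rotate.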
