These app registrations are used by the SharePoint Framework when making calls to Azure AD secured APIs. They are created for you automatically and are managed using the process described below.
In SharePoint Framework code you make Azure AD permission requests by adding a webApiPermissionRequests
element inside the config/package-solution.json file.
"webApiPermissionRequests": [
{
"resource": "Microsoft Graph",
"scope": "User.ReadBasic.All"
}
],
Then, when the app package for the SharePoint Framework solution is deployed, the admin can approve the permission requests using the API access page in the SharePoint Admin Center.
Behind the scenes, changes made in the API access page are changing the permissions associated with the SharePoint Online Client Extensibility Web Application Principal app registration.