I am confused about the Delegated Permissions and I would like to explain why.
- I have created an app registration for a Backend API with 2 Scopes - Portfolio.Read and Portfolio.Write
- I have registered a client application for my Angular App. From that Angular App JavaScript code I am asking for the user to consent to api://BackendAppId/Portfolio.Read and api://BackendAppId/Portfolio.Write via the MSAL library...and it works - the user is shown the popup to consent and I get a JWT token containing in the scope the two consented permissions. I can use this token to call the BackendApi and the check on the scope is successful.
It is confusing because I was expecting the Portfolio.Read and Portfolio.Write to be added as Delegated Permission to the client App in order for this to work, but it is not necessary. So why then do I have to do this? What is the use case?
All the documentation and examples from Microsoft require that the Delegated Permission be configured...but if you skip this step, it still works.
Does anyone have any idea what I am doing wrong and where the gap in my understanding is?
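
The scope check on the backend that the question refers to, as an added example that is not part of the original post: delegated permissions arrive in the access token's `scp` claim as one space-separated string, and the API should match each required scope exactly. The function names and the sample claims are hypothetical, and the code assumes signature, issuer, audience and expiry were already validated by a JWT library.

```javascript
// Added example (not from the original post). Assumes the token's signature,
// issuer, audience and expiry were verified before these functions run.

// Decode the payload segment of a compact JWT. This does NOT verify anything.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Delegated scopes live in `scp` as a space-separated string.
// A token without `scp` (for example an app-only token) grants no delegated scope.
function grantedScopes(claims) {
  if (typeof claims.scp !== "string") return new Set();
  return new Set(claims.scp.split(" ").filter(Boolean));
}

// True only if every required scope is present as an exact, whole value.
// Substring matching would wrongly let "Portfolio.Read.All" satisfy "Portfolio.Read".
function hasScopes(claims, required) {
  const granted = grantedScopes(claims);
  return required.every((scope) => granted.has(scope));
}

// Build a constructed sample token (placeholder signature, never valid).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Constructed sample claims using the scope names from the question.
const bothScopes = makeSampleToken({ scp: "Portfolio.Read Portfolio.Write" });
const readOnly = makeSampleToken({ scp: "Portfolio.Read" });
const lookalike = makeSampleToken({ scp: "Portfolio.Read.All" });
const noScp = makeSampleToken({ roles: ["Some.AppRole"] });

function checkAll() {
  const need = ["Portfolio.Read", "Portfolio.Write"];
  return [bothScopes, readOnly, lookalike, noScp].map((t) =>
    hasScopes(decodePayload(t), need)
  );
}

console.log(checkAll());
```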