![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 43%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,408 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Thanks for reaching out.
I understand you are looking for detailed information on each endpoint mentioned on Application Registration page.
Please find the description of each endpoint:
1.OAuth 2.0 authorization endpoint (v2)
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
This is v2 authorization endpoint which is used to identify the user to get authenticated or obtain an authorization code and IdToken from Azure AD which is then later exchanged for an access token. This endpoint usually requires during OAuth 2.0 Authorization code grant flow to get authenticated using Microsoft identity platform endpoint.
2.OAuth 2.0 token endpoint (v2)
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
The v2 token endpoint is used by the application in order to get an access token or a refresh token. It is used by all flows except for the Implicit Flow because in that case an access token is issued directly. This endpoint performs authentication and authorization in majority of application types, including server-based applications. It enables apps to securely acquire access tokens which can be used to access resources that are secured using the v2.0 endpoint.
3.OAuth 2.0 authorization endpoint (v1)
https://login.microsoftonline.com/{tenant-id}/oauth2/authorize
This is similar to above one except it is used to get authorize code from v1 endpoint.
4.OAuth 2.0 token endpoint (v1)
https://login.microsoftonline.com/{tenant-id}/oauth2/token
This is used to get access token from v1 endpoint.
As mentioned, the above endpoint works similarly as mentioned above except these are v1 endpoints which authenticate and authorize Azure AD identities by requesting tokens from Azure AD v1.0 endpoint. Major difference between v1 and v2 endpoints are:
Earlier Microsoft had two very distinct systems for authenticating users; Microsoft Account (or MSA) and Azure Active Directory (or Azure AD). Both served the same purpose but for very different audiences.
The v2 Endpoint allows applications to authenticate both Microsoft Accounts and Azure AD accounts using a single OAUTH2 endpoint.
We recommended to use v2 endpoints as v1 is going to be deprecated soon.
5.OpenID Connect metadata document
https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration
Once you will get the access token using token endpoint, token need to verify to validate the authenticity of the JWT token’s data is by using Azure AD’s public key to verify the signature.
You can obtain public key by calling the public Azure AD OpenID configuration endpoint and verify against the private key generated by Azure AD token.
For validation, developers can decode JWTs using jwt.ms.
6.Microsoft Graph API endpoint
https://graph.microsoft.com
You can make requests to Microsoft Graph API using access token obtained using Microsoft identity platform token endpoint. Microsoft Graph endpoint enables you to read and write based on the scopes in the access token to access Microsoft Cloud service resources.
7.Federation metadata document
https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml
Azure AD publishes federation metadata at this endpoint. This is tenant-specific federation metadata includes information about the tenant, including tenant-specific issuer and endpoint information. You can view the federation metadata document by typing this URL in a browser for your tenant.
8.WS-Federation sign-on endpoint
https://login.microsoftonline.com/{tenant-id}/wsfed
This endpoint is used of single sign-in and single sign-out in WS-Federation protocol. The federation metadata includes the URL that Azure AD uses for WS-Federation in PassiveRequestorEndpoint element.
9.SAML-P sign-on endpoint and SAML-P sign-out endpoint
https://login.microsoftonline.com/{tenant-id}/saml2
This endpoint is used of single sign-in and single sign-out in SAML 2.0 protocol. The federation metadata includes the URL that Azure AD uses for WS-Federation in PassiveRequestorEndpoint element.
Hope this will help. If you have any other query regarding these endpoints, please let us know.
Thanks,
Shweta
------------------------------------------------------------------
Please remember to "Accept Answer" if answer helped you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 91%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERL%3C/text%3E%3C/svg%3E)