Failing to check the permissions in Azure AD access tokens leaves your API vulnerable
The dangers of embedding secrets in native applications, and how to implement Azure AD authentication there without secrets
Some things to watch out for in your multi-tenant Azure AD applications that support a limited number of tenants
What is the OAuth ROPC flow, why it exists, and why you should not use it for most cases
Some points on why using wildcards (asterisks) in Azure AD app reply URLs may be a bad idea, and how to do it better
Compares two approaches to high-level authorization in an application: groups and app roles
Single Sign-Out enables you to clear the user's session immediately when they sign out from another app
Sending and receiving Azure Service Bus Queue messages with zero credentials utilizing Azure Managed Identities
In the second part we add custom delegated and application permissions to an ASP.NET Core API, and also discuss multi-tenancy.
We go through new features in Azure AD Managed Service Identity (MSI), e.g. identities that can be shared across services.