azure ad how to authenticate using token passed from another application

Murugan Andezuthu Dharmaratnam 1 Reputation point
2021-03-04T07:43:30.32+00:00

I am writing an ASP.NET MVC web application and I want to authenticate using Azure AD. The web application will not have a sign-in page. It has to be authenticated using a token passed to it from another application. I would really appreciate it if someone could help with an answer.

Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,551 Reputation points
    2021-03-08T13:22:14.813+00:00

    Hello @Murugan Andezuthu Dharmaratnam ,

    Thanks for the detailed information.

    Looking at the above scenario, the front-end Teams Bot application (Node.js) receives a token for "Azure Active Directory Graph API". An easier way to verify this is to decode the JWT token that was acquired by the front-end app at https://jwt.ms/ and see who the audience is.

    The aud claim in a token indicates the resource the token is intended for (its audience), and the same token cannot be reused for anything other than the specified audience.

    Example:
    [Image: 75357-image.png]
    Note: This token is only applicable to Graph API and can't be reused for application B.

    In case you wish to authenticate an MVC web application using an access token, you must make sure the token was received for the MVC application, and when you decode the token it should contain either the APP ID or APP URI of the MVC application as the aud claim.

    To achieve this, you can still use the "OAuth 2.0 On-Behalf-Of flow" as mentioned above; this should work with an API as well as an MVC application.

    (OR)

    Alternatively, you can leverage the "client credentials flow" to let the MVC application authenticate itself and to avoid user interaction.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as an Answer if the above response helped in answering your query.

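The audience check described in the answer above, as an added example that is not part of the original thread: it decodes a token's payload the way jwt.ms does and tests whether `aud` matches the receiving application's App ID or App ID URI. The tokens, the `mvcApp` registration values and all function names are constructed for illustration; decoding alone does not verify the signature, issuer or expiry, which the receiving application must still validate.

```javascript
// Decode one JWT segment (base64url-encoded JSON). Inspection only:
// nothing here verifies the token's signature, issuer or lifetime.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the token's audiences as an array (aud may be a string or an array).
function audiencesOf(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  const { aud } = decodeSegment(parts[1]);
  if (aud === undefined) return [];
  return Array.isArray(aud) ? aud : [aud];
}

// True only if the token was issued for this application: aud must exactly
// equal the app's Application (client) ID or its App ID URI.
function isIssuedFor(token, app) {
  const accepted = [app.appId, app.appIdUri].filter(Boolean);
  let auds;
  try { auds = audiencesOf(token); } catch { return false; } // malformed token
  return auds.some((a) => accepted.includes(a));
}

// --- Constructed sample data: not real tokens, the signature is a dummy ---
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const mvcApp = { // hypothetical app registration values
  appId: '11111111-2222-3333-4444-555555555555',
  appIdUri: 'api://11111111-2222-3333-4444-555555555555',
};
// Token acquired for Azure AD Graph: its audience is Graph, not the MVC app.
const graphToken = makeSampleToken({ aud: 'https://graph.windows.net', name: 'Test User' });
// Token acquired for the MVC application itself.
const mvcToken = makeSampleToken({ aud: mvcApp.appIdUri, name: 'Test User' });

console.log(audiencesOf(graphToken), isIssuedFor(graphToken, mvcApp));
console.log(audiencesOf(mvcToken), isIssuedFor(mvcToken, mvcApp));
console.log(isIssuedFor('not-a-jwt', mvcApp));
```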