Our app consists of microservices, and for these microservices we are using the Azure AD OAuth client credentials
flow for authorizing our clients. We registered each microservice in Azure AD and are adding custom roles to them, and
we are trying to add these application permissions to the client apps that consume our services. We were unable
to add these permissions, as we got blocked on admin permissions, and we are unable to see roles in the JWT token.

In this process, we tried to get the Graph API permission AppRoleAssignment to add those permissions to our client apps.
Unfortunately, due to a security issue, our organization is unable to give admin permissions to add application permissions
through the Graph API, as AppRoleAssignment gives an SPN the ability to assign a given role to an app. So it gives it a broad
role to effectively turn itself or any other SPN into a Global Admin.

What is the alternative way to use Azure AD OAuth for service-to-service interaction without the need for admin grant permissions? Can we use the authorization code flow with OAuth scopes, but it is asking users to sign in to get the code?
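A diagnostic for the "roles not in the JWT" symptom described above, added here as an example and not part of the original post: in an Azure AD app-only (client credentials) token, granted application permissions appear in the `roles` claim, while delegated tokens carry `scp`. The audience URI, role name and sample tokens are constructed, and the payload is decoded without signature verification, so this is for troubleshooting only, never for authorization decisions.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_roles(token: str, expected_audience: str, required_roles: list) -> list:
    """Return a list of findings; an empty list means the token looks as expected."""
    claims = decode_claims(token)
    findings = []
    if claims.get("aud") != expected_audience:
        # Token was requested for a different resource than this service.
        findings.append(f"aud is {claims.get('aud')!r}, expected {expected_audience!r}")
    if "scp" in claims:
        # 'scp' is issued on delegated (user) tokens, not on app-only tokens.
        findings.append("token carries 'scp': delegated token, not app-only")
    missing = sorted(set(required_roles) - set(claims.get("roles") or []))
    if missing:
        # Role defined on the API but never assigned/consented to this client.
        findings.append("missing app roles: " + ", ".join(missing))
    return findings


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token so the check runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


AUDIENCE = "api://orders-service"  # constructed App ID URI (assumption)

if __name__ == "__main__":
    samples = {
        "role granted": {"aud": AUDIENCE, "roles": ["Orders.Read"]},
        "role not granted": {"aud": AUDIENCE},
        "delegated token": {"aud": AUDIENCE, "scp": "Orders.Read"},
    }
    for name, claims in samples.items():
        print(name, "->", check_app_roles(make_sample_token(claims), AUDIENCE, ["Orders.Read"]))
```
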