Goal: I have api hosted in azure - app service. Authentication is set to use azure ad. I have an app host externally. I'm trying to make a simple request but keep getting access denied.
After creating two apps in Azure ad, one for backend api(web api app service authentication configured to use registered app) and one for client app(required permission granted access to first app), I make a call to get the the access token, I get a token- client credential grant. When I use that token to make a call to an API, I get an access denied.
From scouring through all the docs, my understanding is that by registering the two apps and granting permission for client app to access the backend app, when you get the access token by using the client credential(client_id +secret), you should be able to make a request to the backend app with the token. I'm not going through api management. Is there something i'm missing(obv i'm missing something)? Is there an app service setting that i'm overlooking? Any suggestion would be great.
