I am setting a background process which will communicate with API secured by Azure AD. Without giving delegate access to API, Client App is able to generate access token
Using client credential flow, Is it possible to generate access token for web api without giving delegate permission. I am able to generate it but according to it should not happen. Any app created in my tenant is able to generate the token for web api without delegate permission.
I have followed below sample on github. https://github.com/Azure-Samples/active-directory-dotnet-daemon
It should not be able to generate access token, if no delegate access is provided.