I'm developing a serverless micro services application in Azure.
In-order to securing the APIs, I have registered both Service & Client Application with Azure AD and grand API access to client app.
So, In API Management instance I have updated the in-bound policies (to Verify JWT token) based on Azure AD configuration. Now its working as expected.
But my question is without adding any configuration in API Management console "OAuth 2.0" section, how its working?
How OAuth 2.0 configuration is different from In-bound policies settings in Azure API Management?