DEV Community

Discussion on: Secure Open API (Swagger) calls with Azure Active Directory

christosmatskas profile image
Christos Matskas Author

Hi Chris, thanks for the comment. The .NET Interactive Notebook sets up 2 App Registrations. One of them is used by the API to validate incoming tokens and scopes. The second one is used by the Swagger UI to acquire an Access Token and call the API endpoints. Please note that we don't use and encourage against implicit flows at all times. The current implementation uses Auth Code with PKCE. Ping us if you have any questions