Building Applications and Solutions with Microsoft 365 Core Services (legacy) — Question 6
You need to develop a server-based web app that will be registered with the Microsoft identity platform. The solution must ensure that the app can perform operations on behalf of the user.
Which type of authorization flow should you use?
Answer options
- A. authorization code
- B. refresh token
- C. resource owner password
- D. device code
Correct answer: A
Explanation
The authorization code flow is designed for server-based applications and allows the app to obtain an access token to perform actions on behalf of the user. The refresh token flow is used to obtain new access tokens but does not directly allow actions on behalf of the user. The resource owner password flow is less secure and not recommended for new apps, and the device code flow is intended for devices without a browser, making them unsuitable for this scenario.