Use Azure AD Access Token to Call a Second Azure Application

Problem statement

An application uses Azure AD to authenticate. Within this AD domain, there is a second application, and there is a requirement to access it via the same domain API, using the access token that is returned as part of the Auth0 login flow.

Furthermore, it is desired to use the same user session and its JSON Web Token (JWT) to call another Azure app API.

Explain whether this scenario is feasible or whether it is necessary to re-authenticate to Auth0 for another Azure app under the same domain.

Solution

This problem is not specifically related to Auth0.

The requirement here is to use the identity provider (Azure AD in this case) access_token received during the first application's authentication to call the second Azure application's API under the same domain.

Whether this is feasible depends on whether the Microsoft Azure AD instance permits the use of an access_token issued for one application to call another application's API.
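The practical caveat behind that question is that an Azure AD access token is issued for a specific audience (its aud claim names the application or API the token was requested for), and a well-behaved resource server rejects tokens whose audience is not itself. The following is an added illustration, not code from this article, Auth0, or Microsoft: it mints a token for application A and shows that application B's validation rejects it on the audience check. Azure AD tokens are RS256-signed with the tenant's published keys; the HS256 secret, tenant GUID and api:// identifiers below are constructed placeholders so the example runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret. Real Azure AD access tokens are RS256-signed with the
# tenant's published keys; HS256 is used here only to keep the example self-contained.
DEMO_SECRET = b"constructed-demo-secret-not-a-real-key"
# Placeholder tenant issuer; the GUID is not a real tenant.
TENANT_ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(audience, subject, lifetime=3600, now=None):
    """Issue a token bound to one audience, as the identity provider would."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": TENANT_ISSUER, "aud": audience, "sub": subject,
              "iat": now, "exp": now + lifetime}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_for_api(token, expected_audience, now=None):
    """What a resource server must check before trusting a bearer token.
    Returns (accepted, reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, claims_b64, sig_b64 = parts
    try:
        presented_sig = _b64url_decode(sig_b64)
        claims = json.loads(_b64url_decode(claims_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token"
    expected_sig = hmac.new(DEMO_SECRET, (header_b64 + "." + claims_b64).encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        return False, "bad signature"
    if claims.get("iss") != TENANT_ISSUER:
        return False, "unexpected issuer"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    # aud may be a single string or a list; this API's own identifier must be present.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        return False, "audience mismatch: token is for %s, not %s" % (aud, expected_audience)
    return True, "ok"


if __name__ == "__main__":
    app_a, app_b = "api://app-a", "api://app-b"   # constructed App ID URIs
    token = mint_token(app_a, "user@example.test")
    print("App A API:", validate_for_api(token, app_a))
    print("App B API:", validate_for_api(token, app_b))
```

The only way application B legitimately accepts the call is for the client to obtain a second token whose audience is B (for example through a refresh-token exchange or another authorization request against the same session); reusing A's token is rejected by design, and an API that skipped the aud check would be accepting tokens it was never issued.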

Refer to this Microsoft document for details about this type of use case: Use Azure AD Access Token to Call a Second Azure Application

Related References