Microsoft Azure Developer Associate AZ-204 Practice Question
Your JavaScript single-page application (SPA) signs users in with MSAL.js and obtains an access token for an Azure Function App that you built. Inside the function you must call Microsoft Graph on behalf of the signed-in user. Which authentication mechanism should you implement in the Azure Function to acquire a user-delegated token for Microsoft Graph?
Enable the function's managed identity and request the Mail.Read application permission.
Configure implicit grant for Microsoft Graph in the SPA and pass that token to the function without further processing.
Implement the OAuth 2.0 On-Behalf-Of flow using the function's application registration as a confidential client.
Use the client credentials grant by exchanging the SPA's access token for a Graph app-only token.
Because the function receives a user access token that is intended for its own API, it must exchange that token for another one that is valid for Microsoft Graph while preserving the user's identity and permissions. The Microsoft identity platform supports this scenario through the OAuth 2.0 On-Behalf-Of (OBO) flow. In OBO, the function (a confidential client) presents the incoming token as the "assertion" parameter to Azure AD and requests a new token for the downstream resource (Microsoft Graph). The managed identity approach produces an app-only token, not a user-delegated one. The client-credentials grant ignores the user context, and implicit grant in the SPA does not prevent token replay or enable the function to obtain a fresh Graph token, so both are unsuitable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the OAuth 2.0 On-Behalf-Of (OBO) flow?
Open an interactive chat with Bash
Why is an application token not suitable for user-delegated scenarios?
Open an interactive chat with Bash
Why can't implicit grant be used in this scenario?
Open an interactive chat with Bash
Microsoft Azure Developer Associate AZ-204
Implement Azure security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .