🔥 3-day streak
Microsoft Azure Solutions Architect Expert112 / 187
Question 112 of 187
A company builds a web API (API-A) that must call a downstream API (API-B) on behalf of the signed-in user. Both APIs are registered in Microsoft Entra ID. The security team requires that the downstream call preserve the user's identity and delegated permissions rather than using an application-only identity. Which OAuth 2.0 flow should you recommend for API-A to obtain a token for API-B?
Reviewed for accuracy · Report an issueNext question