I am developing an ASP.NET MVC Application which has to access office365 APIs. I used the description here in order to get an app only access token.
Now after running the application I got to the AAD consent flow in order to get the token id, so I can get the tenant ID. The tenant ID is needed to generate a valid access token.
My question now is: Can is safely store the tenantID in a db and use it everytime I call the api to get an access token?? Or does the tenantID change from time to time? It worked with the same tenantID with my last tries, cause I just changed my application after received the tenantID to not visit azure AD instead to just make some API calls.
Can my application always use the same tenantId in order to receive an access_token?
edit: changed "token" to tenantId due to confusion.
In Azure Active Directory (Azure AD), a tenant is representative of an organization. It is a dedicated instance of the Azure AD service that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Office 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants.
How to get an Azure Active Directory tenant
As such, your existing Azure AD's tenant Id will not change. Only when you create a new Azure AD then you will get a distinct tenant Id for the new AD.
To answer your questions below:
Yes you can safely store your tenant Id in a DB as long as you're only always using the same Azure AD
No, the explanation is already given above
Yes. To be more precise, your application needs to presents its client credentials to the OAuth2 token issuing endpoint, and in return gets an access token that represents the application itself without any user information.
Hope my answers are clear and easy to understand for you and helps you to resolve the issues.