azure oauth azure-active-directory token access-token

Azure AD access token appid claim value

The Azure AD access token documentation describes the appid claim as:

The application ID typically represents an application object, but it can also represent a service principal object in Azure AD

However it doesn't say when it's the application object id, and when it's the service principal object id instead. Does anyone know how it works exactly?

Solution

The appid claim value is the value of the appId property on the Application object in Azure AD. It's also known as the client id/application id. The service principals corresponding to the app also have the appId property with the same value.

The objectId property is a different id. The Application object has an objectId, and all related service principals have their own unique objectId values as well. The appid claim will never contain an objectId. It is always the client id of the app that acquired the token.

Can't signin into microsoft account
TenantGuidNotFound when trying to send email using Microsfot GraphAPI
Azure Function App Kudu Functions API with empty response
Get Azure Active Directory password expiry date in PowerShell
Provision new SQL Azure database into existing, non-terraform managed SQL Server instance
Azure Logic App HTTP Request Authentication Scope
Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
Privileged Identity Management - My roles
Creating a VM in Azure using Powershell
Creating multiple function apps with one Flex Consumption plan
Azure Bicep reference existing resources from different subscriptions using ternary operators inside scope property
Trigger azure function on user registration in b2c
Migrating from validate-jwt to validate-azure-ad-token policy
Azure DevOps Pipeline Expression Evaluation
Using Event Hubs binding for Azure Functions with managed identities?
How to connect a microsoft SQL Server database to Open Data Discovery (odd-odd-platform)?
Cosmos DB for MongoDB private endpoint requests blocked by network firewall
Specifying SAS Token Authorization header with Azure REST API
Databricks ui is different between different Azure Tenants with activated SCIM Integration
Download large files in Azure image builder process
TriggerBuild Could not queue the build because there were validation errors or warnings
How to filter users in directory by company name with Microsoft Graph Java SDK?
How to get the azure subscription current cost using PowerShell
How to automate Azure Data Factory (ADF) credential updates from development to production using Azure DevOps?
Azure Form Recognizer Set API Version
Is there a way to deploy a azure function directly to a storage account with private endpoint
How do I flatten certain properties in a nested structure using Linq for Cosmos noSQL?
Unable to locate executable file: 'bash'. Please verify either the file path exists
"We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?