User consent for Obo.Api.One to access Obo.Api.Two on the user's behalf #1
Description
Hi!
thanks for the detailed summary how to accomplish the OBO flow on Azure with 3 App registrations. I've done the exact same and it works. However, I was wondering why no consent from the user to is required? Obo.Api.One will access Obo.Api.Two on behalf of the user but no consent was asked? It still works without "Grant Admin Consent" in the API permissions section for Obo.Api.One. The only thing required, is to pre-authorize the client application.
Looking forward to your answer!