I have the following scenario that I am trying to develop:
One Web App (frontend developed in React)
One Web App (api core)
The application will allow users (multitenant) to do actions in their tenants by using the Graph API (via the Graph .net SDK).
The front end application will have app roles: Administrator, Platinum, Gold,etc.
The backend application will call the graph api to do actions like: Create Groups, Users, list user information, etc. However for the backend it should not matter who is logged in the fronted, it uses delegate permissions)
My question is about app registrations:
1. Should I create 2 app registration? One for the frontend (multitenant) and one for the backend (single tenant). or should I do in one app registration?
2. Should I create the app roles in both the frontend and backend? or only in the frontend
How should I setup the permissions from the frontend to the backend?