Multi-Tenant App with dynamic configuration from Azure App Configuration

Hi all,

 

We are developing an MS Teams Tab app that will be distributed to multiple tenants.
The goal is to let customers create their configuration on a tenant level.
For that we found the Azure App Configuration service.

To retrieve settings from Azure App Configuration from the Tab, we thought of these steps:

  1. Customer Tenant admin creates Azure App Configuration in their own Domain,
  2. Customer Tenant admin adds settings in a specific key,
  3. Customer Tenant admin assigns the App Configuration Data Reader role to all users in tenant,
  4. Our Tenant admin adds a permission in Azure App Registration to access App Configuration on behalf of user,
  5. From Tab app, authenticate user with AAD,
  6. From Tab app, request resource from App Configuration via REST API.

Since App Configuration is behind a subscription, we want to clarify if the steps are achievable at all.
The questions are:

  • In terms of App permissions, what are the permissions we need to include in App Registration to access Azure App Configuration (in the customer's tenant) on behalf of user?
  • Can Azure ID token from "login.microsoftonline.com" be used to request Azure App Configuration resource via HTTP REST API?

 

Thanks in advance!

10 Replies
@vtyagunov - We are looking into this. I will get back to you soon.

Thanks for your instant response!
We are waiting for you to share your answers / feedback.

@vtyagunov - Could you please confirm if your issue has been resolved or if you are still looking for any help?

@Sayali-MSFT Thanks for sharing these resources.

We are getting through them to understand more about the flow. 

Actually, we have one more question:
In the React feature flags sample, there are steps for creating a new AAD app:

  • In the API permissions section, select Add a permission and choose APIs my organization uses.
  • Pick Azure App Configuration and select the checkboxes and then click Add permissions. This would allow the application to access Azure App Configuration on behalf of the signed-in user.

     

We tried to create an App following these steps, but there was no "Azure App Configuration" item in the "APIs my organization uses" section.
Could you please clarify what might be the reason for that item not showing up?

 

As I understood, the cause might be the fact that we don't have a subscription for Azure App Configuration. In fact, the APIs my organization uses section is about our organization's APIs, our Azure App Configuration.
But the goal is to use the customer's Azure App Configuration, not ours. Could you please confirm if this is achievable?

 

Thanks,
Vladimir

 

@vtyagunov - Are you developing any Microsoft Teams app?

@Sayali-MSFT 
Yes, we are developing an MS Teams Tab app with React.
And we want to make it multi-tenant.
And we want to make it configurable via customer's Azure App Configuration key-value pairs.

Hi, @Sayali-MSFT!

Thank you again for the above resources and samples. We reviewed them and unfortunately, those are not really about the things we asked.

We are aware of how to configure the Azure App and how to set up authentication in MS Teams app.


What we asked is how to access organization's Azure App Configuration on behalf of signed-in user in a multi-tenant app.

 


Let's say, we own Tenant A and we registered the Azure App under Tenant A.
We distributed the app (manifest file) to other tenants / customers (Tenant B, Tenant C, etc.).
We also enabled Azure App Configuration and saved a JSON for a specific key.

We want to use it only for users from our tenant.
Users from other tenants have to receive a different JSON, a JSON for the same key, but from their Azure App Configuration service.

The desired behavior is -
1. When a Tenant B user signs in - the app has to get the key-value pair from Azure App Configuration in Tenant B.
2. When a Tenant C user signs in - the app has to get the key-value pair from Azure App Configuration in Tenant C.
3. And so on...

 

By any chance, can you confirm if this is possible?

 

Thanks!

@vtyagunov - Yes, it's possible.
Once you get the Azure App Id, Tenant Id on Azure portal, you can configure it in JSON and your app setting.
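
The per-tenant routing discussed in this thread, as an added example that is not part of any post: it selects the App Configuration endpoint from the `tid` claim of the signed-in user's token and refuses an ID token, whose `aud` is the client's own app ID. The client ID, tenant GUIDs, store names and the tenant-to-endpoint map are constructed placeholders; `/kv/{key}?api-version=1.0` is the App Configuration key-value REST path, and `Buffer` assumes Node.js.

```javascript
// Added example: every GUID and store name below is a constructed placeholder.
const CLIENT_ID = "11111111-1111-1111-1111-111111111111"; // our app registration
// Tenant id -> that tenant's own App Configuration endpoint (hypothetical map).
const TENANT_STORES = new Map([
  ["aaaaaaaa-0000-0000-0000-00000000000b", "https://tenant-b-cfg.azconfig.io"],
  ["aaaaaaaa-0000-0000-0000-00000000000c", "https://tenant-c-cfg.azconfig.io"],
]);

// Decode the JWT payload for routing only. Nothing is verified here: the
// service that receives the token is what validates signature and audience.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Build the key-value request against the signed-in user's own tenant store.
function buildConfigRequest(token, key) {
  const claims = decodePayload(token);
  // An ID token names the client itself as audience; it is meant for the
  // app, not for calling an API, so refuse to send it as a bearer token.
  if (claims.aud === CLIENT_ID) throw new Error("ID token, not an access token");
  // Map lookup: only onboarded tenants resolve, nothing is built from input.
  const endpoint = TENANT_STORES.get(claims.tid);
  if (!endpoint) throw new Error("tenant not onboarded");
  return {
    url: `${endpoint}/kv/${encodeURIComponent(key)}?api-version=1.0`,
    headers: { Authorization: `Bearer ${token}` },
  };
}

// Constructed, unsigned sample token for trying the function offline.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}
```
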