It's therefore important that you make all of the necessary checks to verify the validity of your requests and the responses.
This section provides instructions on how to configure Azure AD with a single-page application (SPA) so that users can authenticate through it and make requests to the WorkflowGen GraphQL API. This configuration is done in three steps: registering your SPA, granting access to the API, and setting some redirect URLs.
Make sure to have a licensed copy of WorkflowGen installed and running on a server.
Make sure to have administrative access to Azure AD to be able to configure it properly.
Make sure to have provisioned an existing Azure AD user with which you can authenticate to WorkflowGen so that you can use the application afterwards.
Make sure to have successfully configured delegated authentication to Azure AD on your WorkflowGen instance following the instructions in the Azure Active Directory authentication section.
In the Azure portal, click App registrations in the Azure Active Directory section.
Click New application registration, and fill in the properties:
Your SPA name
Web app / API
https://<your SPA login url>
Click Create at the bottom of the page.
You should now be in your newly registered application's overview page.
Now that you've successfully registered your SPA, you need to grant it access to the WorkflowGen API, which should be already registered if you've met the prerequisites.
In the API Access section, click Required permissions, then click Add.
Click Select an API.
Search for the WorkflowGen GraphQL API application that you registered and select it.
Click Select permissions, then check all of the checkboxes.
You should now see the WorkflowGen GraphQL API in the list of your registered SPA's required permissions. Therefore, when requesting an access token to Azure, based on the audience you should be able to obtain a correct token that you will send to your WorkflowGen instance's GraphQL API in addition to the request.