Hello,
Background:
Every MS Dynamics 365 Online instance has its own AAD instance, and in order to implement machine-to-machine communication we need to register an application (within the D365 AAD); then it is possible to get an OAuth2 access token via the client_credentials flow.
This is working fine.
Problem:
But it is also possible to register an application in a different AAD instance and, as a result, get a token for the same scope. To me it sounds strange, and I think that I missed something here...
Is it possible to prevent token issuance for the scope which kind of belongs to us? Or maybe AAD is not working as I'm expecting?