Exam AZ-204 topic 4 question 21 discussion

Second answer is incorrect. Well, oauth2Permissions can only accept collections value like an array not a boolean. It should be oauth2AllowImplicitFlow.

Box 1: groupMembershipClaims Personalization of the website must be based on membership in Active Directory groups. Group claims can also be configured in the Optional Claims section of the Application Manifest. Enable group membership claims by changing the groupMembershipClaim The valid values are: - "All" - "SecurityGroup" - "DistributionList" - "DirectoryRole" Here we need to mention that we want to get the groups for the users. Hence we need to mention to set the groupMembershipClaims property to All. Box 2: oauth2AllowImplicitFlow Azure AD users must be able to login to the website. auth2Permissions can only accept collections value like an array, not a boolean. oauth2AllowImplicitFlow accepts boolean value. Here from the list of options given, if we want the application to fetch the required tokens , we would need to allow Implicit Flow.

Why not "allowPublicClient"? If some logic is implemented in Javascript and running in the browser, the app would count as a public client, and we'd potentially have to turn this flag on. It is certainly not a weirder choice than turning on the deprecated implicit flow.

I Agree with : 1) groupMembershipClaims 2) oauth2AllowImplicitFlow

If its implictflow, why answer not yet changed?

Got this question on 28/09/2023

got this question on 06-29-2023

This question was in today's exam on 10-June-2023

ChatGPT 1) groupMembershipClaims 2) oauth2AllowImplicitFlow { "signInAudience": "AzureADMyOrg", "groupMembershipClaims": "SecurityGroup", "appId": "<app ID>", "appRoles": [], "availableToOtherTenants": false, "displayName": "<app name>", "oauth2AllowImplicitFlow": false, "optionalClaims": { "idToken": [], "accessToken": [] }, "publisherDomain": "<your domain>", "requiredResourceAccess": [] }

Got this in the exam today ! Nov 25, 2022

It must be oauth2AllowImplicitFlow because it is boll type in contrast to collection type. Look carefully picture.

1) groupMembershipClaims 2) oauth2AllowImplicitFlow

Check Point - how many folks knew the correct answer before reading/researching?

According to https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest optionalClaims => "All" might not be allowed groupMembershipClaims => "None", ... "All" allowPublicClient => boolean oauth2Permissions => collection requiredResourceAccess => collection ouath2AllowImplicitFlow => boolean So first has to be "groupMembershipClaims" (can also be inferred from the requirements). "allowPublicClient" seems to be meant for special cases not required here, there is only "oauth2AllowImplicitFlow" which makes sense for a website.

Got this one 02/2022. Went with: 1) groupMembershipClaims 2) oauth2AllowImplicitFlow

Got this on the exam!

Got this one 01/2022. Went with most voted (to avoid writing answers again)