
My favourite pet peeve is that it uses a bunch of indistinguishable random guids, all of which have two names for no discernible reason whatsoever.

So the doco and the UI end up littered with things like:

    PrincipalId (ClientId)

There’s at least six of those and I honestly can’t remember which pairs with which or what the difference is… which I’m sure is security-critical… somehow.


An App registration is the overall object. Think of it like a class in OOP. An enterprise app is an instance of an app registration. Think of it like an object in OOP.

For single tenants this might seem confusing, because you have both for a single app.

But if you were to have multi-tenant apps, each tenant would have their own Enterprise App instance, all referencing the same App Registration.

appId is for App Registrations.

objectId is for Enterprise Application Registrations.

clientId will be the same as appId. It is used in the context of authentication, where it is the id of the object as client.
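
The model described in the comment above, as an added example that is not part of the thread: a small Python audit over constructed records, in which one app registration's appId is shared by an enterprise app in each of two tenants, and role assignments are assumed to reference principals by objectId. All GUIDs, the `tenantId` bookkeeping field and the function names are made up for illustration.

```python
# Constructed sample data: every GUID below is made up.
APP_ID = "11111111-1111-1111-1111-111111111111"  # app registration; also the clientId
TENANT_A = "aaaaaaaa-0000-0000-0000-000000000000"
TENANT_B = "bbbbbbbb-0000-0000-0000-000000000000"

# One enterprise app per tenant: its own objectId ("id"), the shared appId.
# "tenantId" is a bookkeeping field added for this example.
ENTERPRISE_APPS = [
    {"tenantId": TENANT_A, "id": "22222222-2222-2222-2222-222222222222", "appId": APP_ID},
    {"tenantId": TENANT_B, "id": "33333333-3333-3333-3333-333333333333", "appId": APP_ID},
]
USERS = [{"tenantId": TENANT_A, "id": "44444444-4444-4444-4444-444444444444"}]

# Constructed role assignments as they might be exported from tenant A.
ASSIGNMENTS_TENANT_A = [
    {"role": "Reader", "principalId": "22222222-2222-2222-2222-222222222222"},
    {"role": "Contributor", "principalId": APP_ID},  # appId pasted by mistake
    {"role": "Reader", "principalId": "33333333-3333-3333-3333-333333333333"},
    {"role": "Reader", "principalId": "44444444-4444-4444-4444-444444444444"},
]


def classify(guid, tenant_id):
    """Return (kind, in_this_tenant) for a GUID seen inside tenant_id."""
    guid = guid.strip().lower()
    for kind, records in (("enterprise app objectId", ENTERPRISE_APPS),
                          ("user objectId", USERS)):
        for rec in records:
            if rec["id"] == guid:
                return kind, rec["tenantId"] == tenant_id
    if any(sp["appId"] == guid for sp in ENTERPRISE_APPS):
        # The same value exists in every tenant, so it cannot name one instance.
        return "appId/clientId", False
    return "unknown", False


def audit_assignments(assignments, tenant_id):
    """Flag assignments whose principalId is not an objectId in tenant_id."""
    findings = []
    for a in assignments:
        kind, in_tenant = classify(a["principalId"], tenant_id)
        if not in_tenant:
            findings.append((a["role"], a["principalId"], kind))
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(ASSIGNMENTS_TENANT_A, TENANT_A):
        print(finding)
```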


The problem is that those “id” names have nothing to do with what they’re pointing at.

“EnterpriseAppId” and “AppRegistrationId” would make sense.

ObjectId is meaningless nonsense. Everything is an object! Everything has an Id! This tells you nothing specific.


Well, it kind of does. AppId points to an app registration. Object id points to an object. This can be an Enterprise App registration, but also a user object.

ClientId again is the id of the client, which does not have to be an app registration specifically.

I do agree it can be very confusing.


That’s the clearest and most concise explanation I’ve heard after years of working with this stuff.

You should make a YouTube channel in the style of 3b1b.



