Feb 27, 2019 03:12 PM|mgebhard|LINK
It's improbable that you learned OAuth in the 3 hours since my post.
1. Should I register web api and client application (mvc, Android) on azure ad?
It depends on your security needs and what you are trying to secure and how. For example, is the calling user's identity needed in Web API? Or the fact that the web server is making the call is enough? Reading the openly published documentation helps
make these decisions.
2. Which one is best for above requirement ( server : web api, Client ( mvc, Android)
OpenId Connect (first link) or Oauth (2nd link) ?
OAuth/Open Id Connect are protocols generally used together. The actual implementation is driven by your security requirements which are unknown at this time. I recommend learning the different OAuth/Open Id Connect flows. This will help you to find a
Perhaps if you work on a team you can have a meeting and come up with security requirements.