Feb 28, 2019 04:28 PM|mgebhard|LINK
Is the following approach is suitable for my requirement?<br>
I need to secure my web app with azure ad, client apps (mvc, spa, andriod) need consume web api
is not suitable, IMHO, for MVC, Web API, or Device (android) applications. This information is clearly and openly published in the linked documentation above. Aside form the grant type issues
ADAL is used in an Angular application and only relevant in a SPA application that implements Angular.
IMHO, there is no way to design an OAuth/Open ID Connect solution without understanding the protocol. I recommended hiring an expert to help you get through the tech if you do not have the time to learn the fundamentals.