What is the difference between Azure AAD App ObjectId and ApplicationId?

Question

What is the difference between AzureAAD App ObjectId and ApplicationId, is there a specific reason that both are exposed to users? Is there a use case where ObjectId is definitely required over ApplicationId?

Answer 1

An app registration in Azure AD results in an Application object. All objects in Azure AD have an object ID. When you making an API request to address a specific Application object, you would use the object ID:

GET https://graph.windows.net/{tenant-id}/applications/{object-id}?api-version=1.6

An Application object's object ID is only relevant in the same tenant where the app is registered, and is only ever used to identify that object.

An Application objects's appId attribute is used used across tenants, and on more than one object type. There are two primary uses:

1. To identify the app in various sign-in and token flows (e.g. client_id in OAuth 2.0 and OpenID Connect).
2. To uniquely identify the backing Application object of a ServicePrincipal object. (Think of the ServicePrincipal object as the "instance" of the app in a given Azure AD tenant.)