We want to build an internal CLI for our techs to interact with ImmyBot, and we’d like each tech to authenticate as themselves rather than share an application credential. The current Inbound Integration setup with a client secret works fine for backend automation, but it isn’t a good fit for an interactive tool used by multiple people. Everyone ends up with the same permissions, and we’d rather not hand client secrets to humans at the terminal.
Does the ImmyBot Entra app (client_id d460fc7c-4cfd-4714-bd0f-ab11bf875783) expose a delegated scope that a separate native client could request on behalf of a user? What we’d like to do is register a public client app in our own tenant, have the user sign in through MSAL with PKCE or device code flow, and then send the resulting Entra access token as a bearer to [ourinstance].immy.bot/api/v1/*. The CLI would then operate with the signed-in ImmyBot user’s permissions, with no shared secret involved. If that isn’t supported today, could you consider it as a feature request?