Azure API Management Authenticate to Azure-AD Protected API — Example with Single Page Apps (SPA)

Modern authentication such as OAuth2.0 and OpenID Connect is commonly used in modern web applications and APIs. A common Simple Page Application (SPA) with modern authentication enabled has a similar flow as below (simplified):

Typical application flow