This approach uses Oauth2 auth code flow, which requires the user or service account being logged in Microsoft Azure system.
First the user initiates the initial authentication request with Aspire, which redirects the user to Microsoft login page to consent the permissions being requested.
If consented, Microsoft returns a redirection back to the Aspire Admin UI with the authorization code as a parameter.
Aspire then uses this code to request a Refresh Token from Microsoft and stores it securely for it to be used in future crawls.
Aspire redirects the user back to the Aspire Admin UI.