Content Delivery API authentication and authorization with AAD

Hi Guys,

CMS v11.12
Content Delivery API v2.19.0

I'm seeking further clarification on an older, similar question asked here:

https://world.optimizely.com/forum/developer-forum/CMS/Thread-Container/2020/12/content-delivery-api---401-unauthorized/

I have also successfully set up integration between Optimizely and AAD as per the docs here:

https://docs.developers.optimizely.com/content-management-system/v11.0.0-cms/docs/integrate-azure-ad-using-openid-connect

My questions are around Content Delivery API, AD and authentication. 

Can anyone explain exactly how this should be set up?

I think I need to retrieve a token from AD, i.e. https://login.microsoftonline.com/{0}/oauth2/v2.0/token, and validate myself by overriding Authorize in ContentApiAuthorizationService as per https://krompaco.nu/2018/12/content-delivery-api-and-custom-authorization/ but I'm not entirely sure and can't get this working. If this is correct, can anyone provide an example of what is validated?

Should I create a "content" user (service account) in AD that includes the "ContentApiRead" role, authenticate with client_credentials and a secret set up in the app registration (within AD), and set the principal to my "content" user once validated?

I assume the default content api auth token endpoint isn't used anymore? i.e. /api/episerver/auth/token

Thanks in advance
Mark

#317399
Feb 19, 2024 23:51
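As an added illustration (not part of the original post and not Optimizely's code), the following sketch shows the claim checks a resource API typically applies to an AAD client_credentials access token after a JWT library has verified its signature against the tenant's signing keys. It assumes the v2.0 token format; the function name and the sample tenant and application IDs are hypothetical, constructed placeholders.

```python
import time

AUTHORITY = "https://login.microsoftonline.com"  # host of the token endpoint quoted in the post

def validate_aad_claims(claims, tenant_id, audience,
                        required_role="ContentApiRead", now=None, leeway=300):
    """Check claims of a token whose signature was ALREADY verified. Returns (ok, reason)."""
    now = time.time() if now is None else now
    # Issuer and tenant: reject tokens minted by any other tenant.
    if claims.get("iss") != f"{AUTHORITY}/{tenant_id}/v2.0":
        return False, "unexpected issuer"
    if claims.get("tid") != tenant_id:
        return False, "unexpected tenant"
    # Audience: the token must have been issued for this API, not another app.
    if claims.get("aud") != audience:
        return False, "wrong audience"
    # Lifetime: exp is mandatory, nbf is honoured when present.
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        return False, "expired"
    if not isinstance(nbf, (int, float)) or now < nbf - leeway:
        return False, "not yet valid"
    # Authorization: app roles granted to the client arrive in the "roles" claim.
    # Require a list so a plain string cannot pass via substring matching.
    roles = claims.get("roles")
    if not isinstance(roles, list) or required_role not in roles:
        return False, "missing role"
    return True, "ok"

# Constructed sample values (placeholders, not real identifiers).
TENANT = "00000000-0000-0000-0000-000000000001"
API_APP_ID = "00000000-0000-0000-0000-000000000002"
SAMPLE = {
    "iss": f"{AUTHORITY}/{TENANT}/v2.0", "tid": TENANT, "aud": API_APP_ID,
    "nbf": 1_700_000_000, "exp": 1_700_003_600, "roles": ["ContentApiRead"],
}

if __name__ == "__main__":
    print(validate_aad_claims(SAMPLE, TENANT, API_APP_ID, now=1_700_000_100))
```

Only after all of these checks pass would an authorization override map the caller to a principal carrying the ContentApiRead role.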