microsoft entra - creating client credential client

 To create a client credential login with microsoft, we can goto Microsoft Entra -> App Registration and create new app registration. Provide a name to your client for example "my-client-credential-registration" and click register.



Configure your client API permission

Goto API Permission (not Expose an API) and then 

1. Grant admin consent for default directory

2. Add Microsoft Graph permission and select Application permission. It is stated there that this is for application running as background task. 


Then select "User.Read.All" permission. You should have the following configuration. This settings here is what define your JWT scope.


In this configuration, you will get a "User.Read.All" - if you requested "https://graph.microsoft.com/.default" as your request scope.


Please remember to Grant Admin consent permission otherwise the scope or permission you specify will not appear.

3. Next create a secret for your client. So we go to "Certificate and secret". Then we will create a secret. 

That's it for setup part. 

Testing it using postman. 

Fire up your postman and then goto App Registration Endpoints. We are trying to get access to token endpoint




Next copy the "OAuth 2.0 token endpoint (v2)" - which looks like "https://login.microsoftonline.com/your-tenant-id/oauth2/v2.0/token"

Goto postman -> Under "Authorization" select client credentials. Then fill in the following fields. 

Please note for client id - we are using the Guid of the client 



And finally we would have this configuration here:- 


And you should get a jwt from this with a default expiry of 60 minutes. 


More about configuration application permission

On the other hand if you trying to add other permission and this permission must support "Application permission"  for example "Azure Healthcare APIs" and we grant it "system.all.all" then in our request we would also need to scope accordingly. 



And our token will appear like so :-




So you need to specify the scope that you wanted to appear. 

Don't forget the audience will be https://fhir.azurehealthcareapis.com instead of https://graph.microsoft.com/.default.




Comments

Post a Comment

Popular posts from this blog

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more

NodeJS: Error: spawn EINVAL in window for node version 20.20 and 18.20

Encounter this issue when running autorest (that uses nodejs).  I am using node version:  v18.20.2 After i revert to use node v18.12.0, then i was able to get my app to run without this error. Since i am working with Azure devops yaml, i was able to use the following to resolve my issue.  - task : NodeTool@0   inputs :     versionSource : 'spec'     versionSpec : '18.18.0'
Read more

android studio kotlin source is null error

Image
This org.jetbrains.kotlin.util.FileAnalysisException with a java.lang.IllegalArgumentException: source must not be null is a known issue that can sometimes occur with the Kotlin compiler. It seems to be related to how the compiler analyzes certain source code structures. When this happens, you need to go clean your project and do another rebuild.  For my case, I was trying to test out the databinding = true feature. 
Read more