Quote of the Day

more Quotes

Categories

Get notified of new posts

Buy me coffee

Tag Archives for " MSAL "

Authenticate against azure ad using certificate in a client credentials flow

I have an API which needs to authenticate against azure ad to obtain an access token for calling another downstream API. When registering an application in azure AD for the caller API, I could either setup a shared secret or a certificate for the API to use as part of its credentials in a client credentials flow . In the past, I had always used a shared secret as it was more convenient and easier to setup. However, using certificate provides stronger security. After spending a few hours of googling and hacking, I was able to setup and use a certificate instead of a shared secret as credentials for the caller API to authenticate against azure AD.

Continue reading

Using OAuth2 Client Credentials grant type in Azure ADB2C

Published September 6, 2020 in Azure , Azure ADB2C , OAuth2 , security - 2 Comments

In the past, I worked on a project in which we had had to registered applications in both regular azure AD and azure ADB2C tenants just because OAuth2 Client Credentials grant type was not supported in Azure ADB2C. However, I recently learned that it is now possible to use the grant type to obtain an access token for an app in azure ADB2C.

Continue reading

OIDC implicit flow in angular with MSAL for angular, Microsoft Identity Platform (v2.0) and Azure AD.

In this post, I share my experience about doing OpenID Connect (OIDC) implicit flow using Microsoft Authentication library (MSAL) for Angular, Microsoft Identity Platform (v2.0), and Azure AD. This post is part of the blog post series in which I cover implementing OIDC flows to protect as system that consists of an angular front-end application and asp.net core web apis. In the previous post, I give a high level overview of the technologies involved in protecting such a system.

Continue reading

Protecting angular and ASP.NET core applications – An Overview.

Published June 23, 2019 in Angular , ASP.NET core , Azure , OAuth2 , security - 0 Comments
Protecting angular and ASP.NET core applications
Protect Angular and ASP.NET core applications

In this and upcoming blog posts, I’ll be talking about integrating Azure Active Directory (AAD) and leveraging open source libraries to protect a system consisting of an angular application and ASP.NET core web apis.

In this post, I just want to give a high level overview of the setup and the technologies involved in securing such as system. As such, I likely gloss over some of the points. In subsequent posts, I’ll cover the specific parts in more details.

Continue reading