Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Redirect URI with Client Credential Flow

Tags:

asp.net-core

.net-core

oauth-2.0

azure-active-directory

azure-ad-msal

I am looking into using MSAL and client credential flow, however, there is one thing I don't fully understand.

In the example provided by Microsoft: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/blob/master/daemon-console/Program.cs

The following code is used to get an access token:

var clientCredentials = new ClientCredential(_clientSecret);
var app = new ConfidentialClientApplication(_clientId, _authority, "https://daemon", clientCredentials, null, new TokenCache());
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
AuthenticationResult result = await app.AcquireTokenForClientAsync(scopes);

Whats with the redirectUri in this case?

I have tried different values as the redirectUri and it seems to work either way... but if I add a relative path or null it fails to obtain a token. What is this value supposed to be?

For a console application it makes little sense to listen on an URL, however, the documentation for ConfidentialClientApplication says that it is required.

like image 689
agnsaft Avatar asked Mar 21 '26 03:03

agnsaft

1 Answers

To request access token with client credential flow , app will send HTTP POST token request to Azure AD's token endpoint with app's credential , AAD will return access token in response , redirect url is not need in this scenario . According to source code , the redirect url is not used also:

private async Task<AuthenticationResult> AcquireTokenForClientCommonAsync(IEnumerable<string> scopes, bool forceRefresh, ApiEvent.ApiIds apiId, bool sendCertificate)
{
    Authority authority = Instance.Authority.CreateAuthority(ServiceBundle, Authority, ValidateAuthority);
    AuthenticationRequestParameters parameters = CreateRequestParameters(authority, scopes, null,
        AppTokenCache);
    parameters.IsClientCredentialRequest = true;
    parameters.SendCertificate = sendCertificate;
    var handler = new ClientCredentialRequest(
        ServiceBundle,
        parameters,
        apiId,
        forceRefresh);

    return await handler.RunAsync(CancellationToken.None).ConfigureAwait(false);
}

But you should provide a valid url when initializing the ConfidentialClientApplication at this point .

like image 73
Nan Yu Avatar answered Mar 23 '26 04:03

Nan Yu
Sign in to Comment

Related questions

HealthCheckUI (AspNetCore.Diagnostics.HealthChecks) Unexpected Character 'H' error
How to comment out a line of code in Visual Studio 2022?
Multiple child rows in datatable, data from sql server in asp.net core
How to return a file path as a URL under the wwwroot directory using .NET 6 minimal API?
ContentDispositionHeaderValue.FileName vs IFormFile.FileName in asp.net core
Startup exception retry on next request

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!