agnsaft

Reputation: 1881

Redirect URI with Client Credential Flow

I am looking into using MSAL and the client credential flow; however, there is one thing I don't fully understand.

In the example provided by Microsoft: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/blob/master/daemon-console/Program.cs

The following code is used to get an access token:

using Microsoft.Identity.Client;  // MSAL .NET

var clientCredentials = new ClientCredential(_clientSecret);
// Parameters: clientId, authority, redirectUri, clientCredential, userTokenCache (null: no user), appTokenCache
var app = new ConfidentialClientApplication(_clientId, _authority, "https://daemon", clientCredentials, null, new TokenCache());
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };  // .default = all app permissions granted for the resource
AuthenticationResult result = await app.AcquireTokenForClientAsync(scopes);

What's with the redirectUri in this case?

I have tried different values as the redirectUri and it seems to work either way, but if I add a relative path or null it fails to obtain a token. What is this value supposed to be?

For a console application it makes little sense to listen on a URL; however, the documentation for ConfidentialClientApplication says that it is required.

Upvotes: 3

Views: 2802

Answers (1)

Nan Yu

Reputation: 27528

To request an access token with the client credential flow, the app sends an HTTP POST token request to Azure AD's token endpoint with the app's credentials, and AAD returns the access token in the response; a redirect URL is not needed in this scenario. According to the source code, the redirect URL is not used either:

private async Task<AuthenticationResult> AcquireTokenForClientCommonAsync(IEnumerable<string> scopes, bool forceRefresh, ApiEvent.ApiIds apiId, bool sendCertificate)
{
    Authority authority = Instance.Authority.CreateAuthority(ServiceBundle, Authority, ValidateAuthority);
    AuthenticationRequestParameters parameters = CreateRequestParameters(authority, scopes, null,
        AppTokenCache);
    parameters.IsClientCredentialRequest = true;
    parameters.SendCertificate = sendCertificate;
    var handler = new ClientCredentialRequest(
        ServiceBundle,
        parameters,
        apiId,
        forceRefresh);

    return await handler.RunAsync(CancellationToken.None).ConfigureAwait(false);
}

But you should provide a valid URL when initializing the ConfidentialClientApplication at this point.

Upvotes: 3
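The back-channel exchange the answer describes, written out as an added example in Python (this is not code from the original post or from MSAL). It builds the client credentials token request for the Azure AD v2.0 token endpoint, puts the authorization code grant beside it so the difference is visible, and parses a constructed token response. The tenant, client id, secret and response body are made up for the example; only the endpoint path and the form parameters are real.

```python
"""Client credentials grant (RFC 6749 section 4.4) as POSTed to the Azure AD v2.0 token endpoint.

Added example; not MSAL code. Tenant, client id, secret and the token response are constructed.
"""
import json
import urllib.request
from urllib.parse import parse_qs, urlencode

TENANT = "contoso.onmicrosoft.com"  # assumed tenant; a tenant GUID or verified domain goes here
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"


def build_client_credentials_request(client_id, client_secret, scopes):
    """Return (url, headers, form body) for the back-channel token request.

    The daemon POSTs this straight to the token endpoint. No browser is ever
    redirected, so there is no redirect_uri parameter to send.
    """
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # e.g. https://graph.microsoft.com/.default
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_ENDPOINT, headers, urlencode(body)


def build_authorization_code_request(client_id, client_secret, code, redirect_uri):
    """For contrast: the authorization code grant (RFC 6749 section 4.1.3).

    redirect_uri is mandatory here because the code travelled through a browser
    redirect; the server checks it against the URI the code was issued to so a
    code captured at a different redirect cannot be redeemed.
    """
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
    }
    return urlencode(body)


def form_fields(body):
    """Decode a urlencoded form body into a flat dict (helper for inspection)."""
    return {key: values[0] for key, values in parse_qs(body).items()}


def parse_token_response(raw):
    """Validate the JSON token response and return it as a dict."""
    data = json.loads(raw)
    if "error" in data:
        raise RuntimeError(f"token request failed: {data['error']}: {data.get('error_description', '')}")
    for key in ("token_type", "access_token", "expires_in"):
        if key not in data:
            raise ValueError(f"token response missing {key}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type {data['token_type']}")
    return data


def request_token(client_id, client_secret, scopes, opener=urllib.request.urlopen):
    """Perform the exchange over the network (not exercised offline)."""
    url, headers, body = build_client_credentials_request(client_id, client_secret, scopes)
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with opener(req) as resp:
        return parse_token_response(resp.read().decode())


# Constructed sample response, shaped like the v2.0 endpoint's success body.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.CONSTRUCTED.SIGNATURE",
})

if __name__ == "__main__":
    _, _, cc_body = build_client_credentials_request(
        "app-id", "app-secret", ["https://graph.microsoft.com/.default"])
    print("client_credentials body:", form_fields(cc_body))
    print("carries redirect_uri:", "redirect_uri" in form_fields(cc_body))
    print("token expires in", parse_token_response(SAMPLE_RESPONSE)["expires_in"], "s")
```

The point of the contrast is the security one: a registered redirect URI protects flows in which an authorization code passes through a browser, because the token endpoint refuses to redeem the code for any other redirect. A daemon using the client credentials grant has no such hop, so the value passed to the ConfidentialClientApplication constructor never appears on the wire in this flow; what protects the daemon is the secrecy of client_secret (or a certificate), which should be kept out of source and configuration files.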
