Hi @john john,
Thanks for reaching out, and apologies for the delay in response.
These are the basic configurations required to run the webapp to integrate with Azure AD and to authenticate the users in Azure AD.
There are OAuth2 flows which do not require a client secret to authenticate the users, and for those flows the above configuration will work.
However, Visual Studio also provides a screen to configure the client secret, which will automatically add the secret in the portal.
You can use both a client secret and a client certificate to make requests securely. However, a client certificate provides stronger security compared to a client secret in certain use cases because:
- Identity verification: A client certificate can be used to verify the identity of the client, making it more secure compared to a secret that can be easily leaked or compromised.
- Cryptographic strength: Client certificates are typically issued by a trusted certificate authority and are signed using a strong cryptographic algorithm, making it more secure compared to a simple secret that can be easily guessed or stolen.
- Non-repudiation: Client certificates can be used to provide non-repudiation, i.e., the client cannot deny having made a particular request, making it more secure compared to a secret that can be easily shared or compromised.
However, client certificates can be more complex to implement and require additional infrastructure compared to a simple secret, so the choice between the two depends on the specific use case and security requirements.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
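The difference between the two credential types shows up in the token request itself. The sketch below is an added example, not part of the answer above and not Microsoft sample code: it builds a client-credentials request both ways and verifies the certificate-style assertion the way a token endpoint would. The tenant and client IDs are placeholders, the key pair is generated in-process, the `x5t` value is a stand-in, and all function names are hypothetical.

```javascript
// Added example. All IDs, keys and secrets are constructed; nothing is sent.
const crypto = require('node:crypto');

const TENANT = '00000000-0000-0000-0000-000000000000';    // placeholder
const CLIENT_ID = '11111111-1111-1111-1111-111111111111'; // placeholder
const TOKEN_URL = `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token`;
const ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
const b64u = (v) => Buffer.from(v).toString('base64url');
const form = (fields) => new URLSearchParams({
  grant_type: 'client_credentials', client_id: CLIENT_ID,
  scope: 'https://graph.microsoft.com/.default', ...fields }).toString();

// Client secret: the long-lived credential itself is in every token request.
const secretRequest = (secret) => form({ client_secret: secret });

// Certificate: the request carries a short-lived JWT signed with the private
// key; the key itself never leaves the client.
function buildAssertion(privateKey, x5t, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT', x5t };
  const claims = { aud: TOKEN_URL, iss: CLIENT_ID, sub: CLIENT_ID,
    jti: crypto.randomUUID(), nbf: now, exp: now + 300 };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}
const certificateRequest = (jwt) =>
  form({ client_assertion_type: ASSERTION_TYPE, client_assertion: jwt });

// Server-side view: check the signature against the registered public key,
// then the audience and validity window.
function verifyAssertion(jwt, publicKey, now = Math.floor(Date.now() / 1000)) {
  const [h, c, s] = jwt.split('.');
  if (!h || !c || !s) return false;
  const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${c}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!sigOk) return false;
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString('utf8'));
  return claims.aud === TOKEN_URL && claims.nbf <= now && now < claims.exp;
}

// Demo key pair; the x5t value is a stand-in (SHA-1 of the public key), since
// a real one is the SHA-1 thumbprint of the uploaded X.509 certificate.
function demoKeys() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return { publicKey, privateKey, x5t: crypto.createHash('sha1').update(der).digest('base64url') };
}
```

A captured secret request can be replayed until the secret is rotated, while a captured assertion stops verifying once its `exp` passes and cannot be re-signed without the private key.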