Can certificates be distinguished by access tokens?

Blunck, Fabian (ext) 0 Reputation points
2023-08-25T08:25:27.1466667+00:00

I wonder if it is possible to distinguish certificates based on the access token I get via the client credential flow.

Or is there another way to make a distinction (such as some request with the access token)

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,448 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 94,131 Reputation points MVP
    2023-08-25T08:49:01.5+00:00

    No. All configured secrets are "equal" in this regard, any of them that is still valid can be used to obtain an access token, which will be indistinguishable from obtaining a token via another secret. Microsoft might be keeping some sort of usage data for each secret, but those are not exposed to us, at least not currently.

    0 comments No comments