Can certificates be distinguished by access tokens?

Blunck, Fabian (ext) 0 Reputation points

I wonder if it is possible to distinguish certificates based on the access token I get via the client credential flow.

Or is there another way to make a distinction (such as some request with the access token)

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,448 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 94,131 Reputation points MVP

    No. All configured secrets are "equal" in this regard, any of them that is still valid can be used to obtain an access token, which will be indistinguishable from obtaining a token via another secret. Microsoft might be keeping some sort of usage data for each secret, but those are not exposed to us, at least not currently.

    0 comments No comments