question

0 Votes
ManuNair-1769 asked amanpreetsingh-msft edited

OAuth using client Credential workflow without using AppRole

Hi
We need to authorize the client using client credential workflow. Our company has asked us not to use AppRole since it is in preview state. Do you know when the AppRole is planned to be in full production?

If not AppRole, what could be used for authorizing the client other than using azp or sub in the token? I am thinking of adding additional claims to the token to do that, e.g. groupId. Is it the right approach? If yes, then how do we assign such values to the client application? Please give us advice on this.

Regards,
Manu

azure-active-directory azure-ad-app-registration

1 Answer

0 Votes
amanpreetsingh-msft answered amanpreetsingh-msft edited

Hi @ManuNair-1769 · Thank you for reaching out.

Only the App roles UI is in preview. Configuring App roles by updating the manifest is Generally Available and not in preview.

You can update the application manifest with the below parameters to include, for instance, a permission named consumer as an application permission, which will be returned as the value of the roles claim.

    "appRoles": [
        {
            "allowedMemberTypes": [
                "Application"
            ],
            "displayName": "ConsumerApps",
            "id": "47fbb575-0000-0000-0000-0f7a6c30beac",
            "isEnabled": true,
            "description": "Consumer apps have access to the consumer data.",
            "value": "Consumer"
        }
    ],

80294-image.png

Note: When using the client credentials flow, you can only use the /.default scope to request the token. E.g. I used the scope https://mydomain.com/myapi/.default to acquire the above token.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



Hi @ManuNair-1769 · Just checking if you had a chance to test it out.

0 Votes 0 ·
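
An added example (not part of the thread above, and not Microsoft's code) of how the receiving API could authorize a client credentials token by the roles claim that the manifest entry produces. It assumes the token's signature, issuer and expiry were already validated by a JWT library; the function name, the audience value (taken from the scope quoted in the answer) and the sample payloads are constructed for illustration.

```python
# Added example: API-side authorization on the "roles" claim.
# ASSUMPTION: `claims` is the payload of an access token whose signature,
# issuer and expiry have ALREADY been validated by a JWT library.

REQUIRED_ROLE = "Consumer"  # the "value" of the appRoles entry in the manifest
# Assumed: the API's App ID URI, i.e. the scope from the answer minus /.default
ACCEPTED_AUDIENCES = {"https://mydomain.com/myapi"}


def authorize(claims, required_role=REQUIRED_ROLE, audiences=ACCEPTED_AUDIENCES):
    """Return (allowed, reason) for the validated claims of an access token."""
    aud = claims.get("aud")
    # Reject tokens minted for another resource (or with an unexpected shape).
    if not isinstance(aud, str) or aud not in audiences:
        return False, "wrong audience"
    # Delegated (user) tokens carry "scp"; this endpoint accepts app-only calls.
    if "scp" in claims:
        return False, "delegated token, not client credentials"
    roles = claims.get("roles")
    # A client with no app role assigned gets a token without the claim.
    if roles is None:
        return False, "no roles claim"
    if not isinstance(roles, list):
        return False, "malformed roles claim"
    # Exact, case-sensitive match against the role value.
    if required_role not in roles:
        return False, "role not granted"
    return True, "ok"


# Constructed sample payloads (not real tokens), one per decision path.
API = "https://mydomain.com/myapi"
SAMPLES = {
    "granted": {"aud": API, "roles": ["Consumer"]},
    "unassigned_client": {"aud": API},
    "other_role": {"aud": API, "roles": ["Reader"]},
    "case_mismatch": {"aud": API, "roles": ["consumer"]},
    "other_api": {"aud": "https://mydomain.com/otherapi", "roles": ["Consumer"]},
    "user_token": {"aud": API, "scp": "user_impersonation", "roles": ["Consumer"]},
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:18} -> {authorize(payload)}")
```

The `unassigned_client` case is the one to test for in a real deployment: a token with the correct audience but no `roles` claim must be denied, so the check cannot stop at `aud`, `azp` or `sub`.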