Microsoft Entra client access token

This SIT is also included in the All credentials bundled SIT.

Format

A combination of up to 10,000 characters consisting of letters, digits, and special characters.

or

A client secret or refresh token used in OAuth2.0 protocol.

or

A combination of up to 1,000 characters consisting of letters, digits, and special characters.

Pattern

Any combination of:

  • up to 10,000
  • a-z (not case-sensitive)
  • 0-9
  • forward slashes (/)
  • or plus signs (+)
  • Up to 2
  • equal signs (=)

for example:

"VersionProfile": null, "TokenCache": { "CacheData": "AgAAAAIAAACZAWh0dHBzOi8vbG9naW4ubWljcm9zb2

or

Variant client secret or refresh token formats for example.
ClientSecret:********
AppSecret=********
ConsumerKey:=********
Refresh_Token:********

or

3 letters: eyJ (case-sensitive)

And

A combination of up to 1,000 characters consisting

  • a-z (not case-sensitive)
  • 0-9
  • dashes (-)
  • underlines (_)
  • or dots (.)

for example:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MX...

Credential example

Confidence Band Example
High Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIm5vbmNlIjoibm9uY2UifQ.eyJhdWQiOiJodHRwczovL2hvc3QiLCJleHAiOjk5OTk5OTk5OTksImFwcGlkIjoiaWQiLCJ2ZXIiOiIxLjAifQ.UVQYT1FBt5J_
Medium Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2hvc3QiLCJleHAiOjk5OTk5OTk5OTksImFwcGlkIjoiaWQiLCJ2ZXIiOiIxLjAifQ.UVQYT1FBt5J_
Low Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2hvc3QiLCJleHAiOjk5OTk5OTk5OTl9.UVQYT1FBt5J_

Checksum

Yes

SITs that have checksums use a unique calculation to check if the information is valid. This means when the Checksum value is Yes, the service can make a positive detection based on the sensitive data alone. When the Checksum value is No additional (secondary) elements must also be detected for the service to make a positive detection.

Keyword Highlighting

Supported

When keyword highlighting is supported in the contextual summary for a sensitive information type or a trainable classifier, in the Contextual Summary view of activity explorer, the keywords in a document that were matched to a policy are highlighted.

Definition

This SIT is designed to match the security information that's contains claims that one can use in Azure Active Directory B2C (Azure AD B2C) to identify the granted permissions to Azure resources.

It uses several primary resources:

  • Patterns of Azure PowerShell Token Cache
  • Patterns of Client secret context
  • Patterns of Json Web Token
  • Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName
  • Patterns of mockup values, redactions, and placeholders
  • A dictionary of vocabulary

The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.

Keywords

Keyword_SymmetricKeyContextInXml:

  • tokencache

Keyword_ClientSecretContext:

  • secret
  • token
  • auth
  • securestring
  • key

Keyword_JsonWebToken:

  • eyJ