When getting an access token for Microsoft Graph using the client_credentials method (https://docs.microsoft.com/de-de/graph/auth-v2-service) you use a client secret.
Is there any way one can verify which secret (the secrets have IDs) was used to obtain the access token? Alternatively, is there any way to assign roles/ permissions to only on specific secret? Or, as another alternative, can you get ID tokens using a client secret?
I am sorry, but I can not find this information in Microsoft's documentation nor the internet.
CodePudding user response:
Is there any way one can verfiy which secret (the secrets have IDs) was used to obtain the access token?
No.
Alternatively, is there any way to assign roles/ permissions to only on specific secret?
No. They are assigned on the service principal.
Or, as another alternative, can you get ID tokens using a client secret?
Only if a user is involved, not through client credential flow.
