Home > Software engineering >  Microsoft Graph: verify with which secret an access token was obtained
Microsoft Graph: verify with which secret an access token was obtained

Time:01-21

When getting an access token for Microsoft Graph using the client_credentials method (https://docs.microsoft.com/de-de/graph/auth-v2-service) you use a client secret.

Is there any way one can verify which secret (the secrets have IDs) was used to obtain the access token? Alternatively, is there any way to assign roles/ permissions to only on specific secret? Or, as another alternative, can you get ID tokens using a client secret?

I am sorry, but I can not find this information in Microsoft's documentation nor the internet.

CodePudding user response:

Is there any way one can verfiy which secret (the secrets have IDs) was used to obtain the access token?

No.

Alternatively, is there any way to assign roles/ permissions to only on specific secret?

No. They are assigned on the service principal.

Or, as another alternative, can you get ID tokens using a client secret?

Only if a user is involved, not through client credential flow.

  •  Tags:  
  • Related