Developer Support

Advocacy and Innovation

Azure AD OAuth client credential flow with custom certificate walk-through

June 29, 2022 Jun 29, 2022 06/29/22

Developer Support

Nicola Delfino demonstrates how to use a certificate to request an access token to Azure Active Directory, using the OAuth 2.0 client credential flow You can use the OAuth 2.0 client credentials grant specified in RFC 6749, to access web-hosted resources by using the identity of an application. This type of grant is commonly used for ...

Microsoft Identity Platform which OAuth flow should I use?

October 12, 2020 Oct 12, 2020 10/12/20

Developer Support

Microsoft Identity Platform: which OAuth2 flow should I use? My non-prescriptive one-page guide in choosing the right auth flow for every situation.

Using OAuth2 OBO with Azure AD B2C

July 23, 2020 Jul 23, 2020 07/23/20

Developer Support

This sample uses a custom web service (B2BOBOWeb) to provide a token endpoint, which handles the Extension Grant requests and communicates with B2C to respond with a valid response (access token). It uses a specific B2C tenant configured with custom journeys to handle this communication.

Securing Blazor WebAssembly Application With Azure Active Directory

July 21, 2020 Jul 21, 2020 07/21/20

Developer Support

In this post, Consultants Wael Kdouh and Marius Rochon shows how to secure Blazor WebAssembly Applications with Azure Active Directory.

Workshop Spotlight: Modern Authentication and Authorization

September 20, 2019 Sep 20, 2019 09/20/19

Developer Support

Building applications operating in the internet environment requires understanding of options available for performing authentication and authorization. These options include, both a variety of protocols such as OAuth2 and WS-Federation, as well as tools and toolkits such as Azure AD, AD FS and ADAL.

Choosing the OAuth2 grant flow

June 17, 2019 Jun 17, 2019 06/17/19

Developer Support

Premier Dev Consultant Marius Rochon explores OAuth2 questions you need to ask and how the answers lead to the selection of the grant. The OAuth2 specifications define six different grant types (https://tools.ietf.org/html/rfc6749 and https://tools.ietf.org/html/draft-ietf-oauth-device-flow-15). Each provides the most optimal (from the ...

Azure BOTs – getting extra access tokens

March 5, 2019 Mar 5, 2019 03/5/19

Developer Support

In this post, Premier Dev Consultant Marius Rochon show us how to obtain extra access tokens using OAuth2 Extension flow (on-behalf-of flow). The following describes an approach for getting access tokens to more than one resource, without re-displaying the sign in dialog (using the V2 Azure AD endpoint). In a nutshell, the procedure...

Passive is good!

April 8, 2016 Apr 8, 2016 04/8/16

Pam Lahoud

Here’s a quick read from Premier Developer consultant Marius Rochon’s blog. In it, Marius gives some great reasons to leverage passive authentication protocols in your applications rather than writing your own code to handle credentials. Some time back I wrote about avoiding handling of credentials (creation/maintenance/...

Developer Support

OAuth2 - Developer Support