why Microsoft Identity platform ignore the client secret created inside the related azure Active Directory App?
I created a new ASP.NET Core 6.0 MVC web application, and I define it to use Azure AD for authentication (Microsoft Identity Platform ), as follows:
Then I was asked to create an owned application, so I created one named "ad" as follows:
Inside my application's appsetting.json I have these settings:
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "*****",
"TenantId": "***",
"ClientId": "***",
"CallbackPath": "/signin-oidc"
},
....
}
It seems Visual Studio did all the work for us.
Then i went to the generated Azure Active Directory App >> and created a client secret for it as follow:-
then i thought that since i am not passing the newly generated Client secret from my asp.net core mvc users will not be able to login to the asp.net core mvc web application,, but what is happening is that they can login without any issue.. so my question is why Microsoft Identity platform ignore the client secret created inside the related azure Active Directory App?
Thanks
Client secret is only used with authentication flows that require it.
I think the VS generated solution will use hybrid flow by default, which results in the ID token being returned to the app in the authentication response. The client secret is not involved in this flow.
Now if your application needed to get access tokens to other APIs, you would need a client secret/certificate. Or if you change to use for example authorization code flow.
- Get all user properties from Microsoft graph
- How to do azure single sign on with next.js 14 and App Router
- Azure ClientCertificateCredential - Using SNI
- Entra ID Schema Extension with custom Namespace
- MSAL Node service & The Partner Center API
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Authenticating to Sharepoint Online Site via React SPA in MS Teams personal Tab
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- MSAL library fails to parse token in Chromium based browsers
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- EntraID: how to pass application roles downstream
- During signIn receiving B2C error code ‘AADB2C99059’
- How can I read local MS Teams status
- How to find the tenant where a multi-tenant AAD application was registered
- Azure AD permissions for MS Forms
- ASP.NET Core app running on IIS gives Http Error 401.2-Unauthorize
- Azure Active Directory skip account selection on logout
- Azure active directory - Get access token using Azure CLI
- Azure B2C / WPF - Handling a failed MFA verification flow
- How do I display Job Title in my Next Auth app
- Login failed for user identified principal
- What does "grant admin consent" button do in azure Azure Active Directory application?
- Azure AD Graph API or Powershell Graph: Gathering all the assigned roles that are associated to a group
- Azure AD user unable to connect to Azure SQL Error: 18456,State:1,Class:14
- Is there a way to add the sam_account_name of a user in the id_token claims?
- No users to select from the list in Azure Role assignments using Resource Group Owner
- Azure pipelines cannot connect to Azure SQL via AD/Entra using a custom console application
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?