Skip to main content
Open

Using Certificates instead of Client secrets to identity when requesting a token

Related products:Software FactoryIntelligent Application ManagerIndicium Service Tier
Dennis van Leeuwen
Hero

Credentials enable confidential applications to identify themselves to the authentication service when receiving tokens at a web addressable location (using an HTTPS scheme). For a higher level of assurance, Microsoft recommend using a certificate (instead of a client secret) as a credential.

I don't rule out Microsoft supporting only certificates in the future. Therefore, development in this area does not seem to me to be a wasted investment.

 

For the Universal GUI, we use Identity Provider "Azure" where IAM is linked based on Client ID and Client secret. Because "Client secrets" have an expiration date it would be nice to use a certificate instead of client secret ID.

Expires in 730 days (24 months)​​​

 

 

 

Did this topic help you find an answer to your question?

2 replies

Mark Jongeling
Administrator
Forum|alt.badge.img+23
NewOpen
"Wake me up before you low-code" | On holiday 06-02 till 27-06
Dennis van Leeuwen
Hero
Forum|alt.badge.img+12

I would like to bring my previously submitted idea to your attention again, especially because the Microsoft Azure - Integration assistant identifies this configuration as "Recommended configurations - Action required."

Microsoft identity platform application authentication certificate credentials

Use certificate credentials instead of password credentials (client secrets).

Is this something that has your attention or does it really depend on the number of votes?

Jochem Pieper
I
2 people like this
  • Jochem Pieper
    Jochem Pieper
  • I
    Ionut_Catalin

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings