Calling Microsoft Graph in a service or daemon app using client assertions instead of using client secret?

1
votes

The url https://developer.microsoft.com/en-us/graph/docs/authorization/app_only describes how a service or daemon app can use the client secret configured in the Microsoft Application Registration Portal and obtain access tokens.

The Application Registration Portal has a 'Generate New Key Pair' button to generate public/private key pair. Is there any documentation that describes how to use public/private key pairs and use it to get the access token instead of client secret?

Also i am always getting 'Failed-Network error' when i click the button to generate key pair. The private key is not being downloaded to my machine. I am using Chrome browser.

1
office365microsoft-graph-api
I was able to replicate your network error with Chrome, Edge and IE. That said, it worked as expected with Firefox. So (and no one is more surprised than me), I'd recommend trying Firefox when generating the key.Marc LaFleur
Thanks Marc. With firefox it worked. But still I do not know on how to use this public/private keys. Is there any documentation link similar to developer.microsoft.com/en-us/graph/docs/authorization/app_only which talks about using the password/secretbala

1 Answers

0
votes

The best place to start is the Service to service calls using client credentials article.

Architecturally, I typically stand up a REST API to act as an intermediary between your daemon and Graph. This gives you a nice abstraction layer to pre-process data from the daemon and reduce overall footprint on the local machine. There is a walkthrough for this scenario available here.There are also a couple of code examples available.

Regarding the downloading of the private .cert file, thank you for reporting this. A fix will be rolled out shortly that resolves the issue for Chrome and Edge. Until then, you can use Firefox as a workaround.