3
votes

From the document : Configurable token lifetimes in Azure Active Directory (Public Preview)

It mentioned for "confidential client", the refresh token is "until-revoked".

Confidential clients are applications that can securely store a client password (secret). They can prove that requests are coming from the client application and not from a malicious actor. For example, a web app is a confidential client because it can store a client secret on the web server. It is not exposed. Because these flows are more secure, the default lifetimes of refresh tokens issued to these flows is until-revoked, cannot be changed by using policy, and will not be revoked on voluntary password resets.

So, my Azure AD app is a Web app, so how can I change my Azure AD app to a "confidential client"? I can't find any app setting in Azure AD to set "confidential client" or "public client".

Thanks.


2 Answers

4
votes

About Confidential client:

confidential: Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with restricted access to the client credentials), or capable of secure client authentication using other means.

This specification has been designed around the following client profiles:

web application

A web application is a confidential client running on a web server. Resource owners access the client via an HTML user interface rendered in a user-agent on the device used by the resource owner. The client credentials as well as any access token issued to the client are stored on the web server and are not exposed to or accessible by the resource owner.

It means that a Native Application and a user-agent-based application are public clients, but a web application is a confidential client.


so, how can I change my Azure AD app to "confidential client"?

The answer is obvious: if the application which you created is a Web App/Web API, it's just a confidential client. Otherwise, it's a public client. It depends on what kind of app you created.

Hope this helps!

0
votes

There is a setting in the Azure Portal for making an application public or confidential. By default it is set to No, meaning the application is confidential.
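As an added illustration of both answers (this is not code from the question, the answers, or Microsoft), the check below reads app-registration manifests and classifies each as public or confidential the way the portal switch does: only an explicit `allowPublicClient: true` makes an app public; unset or false means confidential. It then flags the combinations a reviewer would want to see, such as a public client that holds a secret it cannot protect, or a web app marked public. The manifest field names (`allowPublicClient`, `passwordCredentials`, `keyCredentials`, `replyUrlsWithType`) are taken from the legacy manifest format and are an assumption here; the sample manifests are constructed.

```python
import json

# Constructed sample manifests in the legacy Azure AD app-manifest shape.
# Field names are assumed from the manifest reference, not taken from the page.
SAMPLE_MANIFESTS = [
    {"displayName": "intranet-webapp", "allowPublicClient": False,
     "passwordCredentials": [{"displayName": "prod-secret"}], "keyCredentials": [],
     "replyUrlsWithType": [{"url": "https://intranet.example/auth", "type": "Web"}]},
    {"displayName": "desktop-tool", "allowPublicClient": True,
     "passwordCredentials": [], "keyCredentials": [],
     "replyUrlsWithType": [{"url": "http://localhost", "type": "InstalledClient"}]},
    {"displayName": "misconfigured-api", "allowPublicClient": True,
     "passwordCredentials": [{"displayName": "legacy"}], "keyCredentials": [],
     "replyUrlsWithType": [{"url": "https://api.example/cb", "type": "Web"}]},
]


def client_type(manifest):
    """Mirror the portal's 'Treat application as a public client' switch:
    only an explicit True makes the app public; None (unset) and False
    both mean confidential, which is the default the second answer describes."""
    return "public" if manifest.get("allowPublicClient") is True else "confidential"


def audit(manifest):
    """Return review findings for one app registration (empty list = fine)."""
    findings = []
    kind = client_type(manifest)
    has_credential = bool(manifest.get("passwordCredentials")) or bool(manifest.get("keyCredentials"))
    web_redirects = [r["url"] for r in manifest.get("replyUrlsWithType", [])
                     if r.get("type") == "Web"]
    if kind == "public" and has_credential:
        # A public client cannot keep a secret; the credential is effectively exposed.
        findings.append("public client holds a secret/certificate it cannot protect")
    if kind == "public" and web_redirects:
        # Per the first answer, a web app is a confidential client by definition.
        findings.append("public client has Web redirect URIs; a web app should be confidential")
    if kind == "confidential" and not has_credential:
        # Confidential flows must authenticate the client, so a credential is required.
        findings.append("confidential client has no credential configured")
    return findings


if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(json.dumps({"app": m["displayName"], "type": client_type(m), "findings": audit(m)}))
```

Remember from the quoted document that a confidential client's refresh tokens are until-revoked and survive password resets, so for the confidential apps this reports, rotating the client secret is the revocation lever to plan for.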