Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft Graph that is secured using the Microsoft identity platform
MIT License
279 stars, 133 forks

Using a certificate instead of a client secret #139

Closed mikez closed 1 month ago

mikez commented 2 months ago

In the Entra admin center it says "For a higher level of assurance, we recommend using a certificate (instead of a client secret) as a credential".

Is this something that the "identity" library or "msal" can help with? Here's a reference: https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials

rayluo commented 2 months ago

By default, this web app sample demonstrates reading client_credential from an ENV VAR which is typically a client secret string. However, if you somehow organize your certificate information in the format described by msal.ConfidentialClientApplication's client_credential parameter, this sample is expected to use that certificate. You can give it a try.
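An added example, not part of the thread or of the sample's own code: one way to assemble the certificate form of client_credential that the reply refers to, using the dict keys msal documents for that parameter (private_key, thumbprint, optional passphrase). The environment variable names CLIENT_CERT_KEY_PATH, CLIENT_CERT_PATH, CLIENT_CERT_PASSPHRASE and CLIENT_SECRET, and the helper names, are assumptions made for illustration.

```python
import hashlib
import os
import re
import ssl
import stat

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def cert_thumbprint(pem_text):
    """Hex SHA-1 of the first certificate's DER bytes (the value msal expects)."""
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found in PEM input")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha1(der).hexdigest().upper()


def load_client_credential(env=os.environ):
    """Return a client_credential value: certificate dict, else secret string."""
    key_path = env.get("CLIENT_CERT_KEY_PATH")   # hypothetical variable name
    cert_path = env.get("CLIENT_CERT_PATH")      # hypothetical variable name
    if not (key_path and cert_path):
        return env["CLIENT_SECRET"]              # hypothetical; secret fallback
    # Refuse a private key file that group or other users can access.
    if stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
        raise PermissionError(f"{key_path} is accessible to group/other")
    with open(key_path) as f:
        private_key = f.read()
    with open(cert_path) as f:
        cert_pem = f.read()
    credential = {
        "private_key": private_key,
        "thumbprint": cert_thumbprint(cert_pem),
    }
    passphrase = env.get("CLIENT_CERT_PASSPHRASE")  # hypothetical; encrypted key only
    if passphrase:
        credential["passphrase"] = passphrase
    return credential


def build_app(client_id, authority, env=os.environ):
    import msal  # imported here so the helpers above need only the stdlib
    return msal.ConfidentialClientApplication(
        client_id, authority=authority,
        client_credential=load_client_credential(env))
```

The thumbprint computed here should match the one the Entra admin center displays for the uploaded certificate; a mismatch means the key pair on disk is not the one registered for the app.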