I have the following doubt: I have a project that is based on Microsoft authentication, a frontend with Angular using MSAL and the backend with passport-azure-ad. My question is the following: is it necessary to use the client secret?
Authentication Azure AD Client Secret is necessary?
2.1k Views Asked by Ema At
There is 1 best solution below
When we are using authorization code flow or hybrid flow in OpenID Connect, the client exchanges an authorization code for an access token. During this step, the client has to authenticate itself to the server. One way to authenticate the client is by using a client secret.
A client secret is required for web apps which can store the client_secret securely on the server side. All confidential clients have a choice of using client secrets or certificate credentials, and the passport-azure-ad library is designed for auth flows in server-side web apps.
MSAL client apps
If your app is native (SPA), a client secret is not needed.
Public clients, which include native applications and single-page apps, must not use secrets or certificates when redeeming an authorization code, as the client_secret can't be reliably stored on devices or web pages, and the secret can be vulnerable to attacks if it is exposed on the client side.
Reference: v2-oauth2-auth-code-flow-Client secret