To obtain a token with client secret authentication, we followed these steps:
- Registered an application in the Azure portal and got the client ID and client secret.
- Added Microsoft Graph permissions with administrator consent

```python
from msal import ConfidentialClientApplication

# Placeholders for the app registration's values
client_id = "xxxxxx"
client_secret = "yyyyyyy"
tenant_id = "zzzzzzz"
authority_url = f"https://login.microsoftonline.com/{tenant_id}"

app = ConfidentialClientApplication(
    client_id=client_id,
    client_credential=client_secret,
    authority=authority_url,
)

# MSAL requires scopes as a list, not a bare string
scope = ["https://graph.microsoft.com/.default"]
result = app.acquire_token_for_client(scopes=scope)
access_token = result.get("access_token")
print(access_token)
```

We are looking for a way to use client certificate authentication instead of client secret, but we cannot find any Python code that works.
I registered one Entra ID application and added permissions with consent as below:
Now, I ran below commands to create private key and certificate like this:
Response:
When I checked the folder in that path, files created successfully like this:
Now, upload the `sridemo.crt` file to your Entra ID app registration and note the thumbprint value:

To generate the access token using client certificate, make use of below sample Python code:
Response:
When I decoded the above token in jwt.ms, I got `aud` and `roles` claims with valid values like this:

Reference: Client credentials - Microsoft Authentication Library for Python | Microsoft
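
An added example, not the answerer's code or Microsoft's sample: one way to pass the certificate to MSAL for Python in place of the client secret, first checking that the local certificate's SHA-1 thumbprint equals the value noted from the app registration. The environment variable names and `SAMPLE_CERT_PEM` are assumptions of this example, and the private key is assumed to be an unencrypted PEM file.

```python
import base64
import hashlib
import os
import re
from pathlib import Path

GRAPH_SCOPE = ["https://graph.microsoft.com/.default"]  # MSAL expects a list of scopes
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Constructed stand-in bytes, not a real certificate; used for the offline check below.
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(b"constructed").decode()
                   + "\n-----END CERTIFICATE-----\n")

def cert_thumbprint(cert_pem: str) -> str:
    """SHA-1 over the certificate's DER bytes, as uppercase hex (the portal's format)."""
    match = PEM_CERT.search(cert_pem)
    if not match:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha1(der).hexdigest().upper()

def build_credential(key_pem: str, cert_pem: str, portal_thumbprint: str) -> dict:
    """MSAL certificate credential; rejects a local cert that is not the uploaded one."""
    if "PRIVATE KEY-----" not in key_pem:
        raise ValueError("key file is not a PEM private key")
    local = cert_thumbprint(cert_pem)
    if local != re.sub(r"[\s:]", "", portal_thumbprint).upper():
        raise ValueError(f"local certificate {local} is not the one noted from the portal")
    return {"private_key": key_pem, "thumbprint": local}

def acquire_graph_token(client_id: str, tenant_id: str, credential: dict) -> str:
    from msal import ConfidentialClientApplication  # lazy: helpers above need no msal
    app = ConfidentialClientApplication(
        client_id=client_id,
        client_credential=credential,
        authority=f"https://login.microsoftonline.com/{tenant_id}",
    )
    result = app.acquire_token_for_client(scopes=GRAPH_SCOPE)
    if "access_token" not in result:
        raise RuntimeError(f"{result.get('error')}: {result.get('error_description')}")
    return result["access_token"]

if __name__ == "__main__":
    env = os.environ  # variable names below are assumptions of this example
    if "CLIENT_ID" not in env:
        print("offline check, constructed bytes:", cert_thumbprint(SAMPLE_CERT_PEM))
    else:
        cred = build_credential(Path(env["KEY_PATH"]).read_text(),
                                Path(env["CERT_PATH"]).read_text(), env["CERT_THUMBPRINT"])
        print("token acquired,", len(acquire_graph_token(env["CLIENT_ID"], env["TENANT_ID"], cred)), "characters")
```

A thumbprint mismatch fails locally before any request is sent, which separates an upload mix-up from other token errors.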