Skip to content

Introduction to OAuth on the Microsoft Identity Platform

OAuth is a big specification. The Microsoft Identity Platform is an implementation from OAuth, adding things on top. Not all aspects are needed for our daily work.

In this context, we separate the following:

  1. the Entra App: this is a construct that defines permissions to a well-defined set Microsoft APIs such as Graph, PowerBI, Azure, Business Central, and more. In additional to the permissions, an Entra App has a:

    1. client_id: the ID of the App
    2. client_secret: an app can have multiple secrets. Typically, there is one secret per user who is is using the app.
    3. scope: permissions are bundled as scopes.
  2. authorization flow: OAuth defines multiple ways to authenticate securely. In our daily work, the following two flows are the most important:

    1. authorization code flow
    2. client credentials flow
      The result of the authorization flow is an Access Token that we can use to access the API.