HOTSPOT
You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application’s identity and the OAuth 2.0 client credentials grant flow.
You register the application and grant permissions. The tenant administrator grants admin consent to the application.
You need to get the access token from Azure Active Directory (Azure AD).
Which URI should you use for the POST request? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
0
Answer:
Explanation:
Oauth2 client_id client_secret
The authorization code flow begins with the client directing the user to the /authorize endpoint.
Box 1: token
Use the authorization code to request an access token.
Now that you’ve acquired an authorization code and have been granted permission by the user, you can redeem the code for an access token to the desired resource, by sending a POST request to the /token endpoint:
Box 2: authorization_code
Use the authorization code to request an access token.
Example:
// Line breaks for legibility only
POST /{tenant}/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
…etc.
Note: At a high level, the entire authorization flow for an application looks a bit like this:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
Leave a Reply