Several OAuth 2.0 servers, such as the Microsoft Identity Platform, offer an authentication option that uses certificates instead of client secrets. This strengthens the client authentication step of the protocol. Starting with 4D 20 R5, NetKit supports OAuth 2.0 certificate-based connections.
The Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants offers better security than client secrets: the client proves its identity with a digitally signed (and optionally encrypted) assertion that carries additional identification material such as a digital certificate or a JWT. The shared secret that would otherwise have to be stored, rotated and protected on the client disappears, so the risks tied to secret management are reduced.
To use certificates, you must request the “Service” permission and set the .privateKey and .thumbprint properties of your OAuth2Provider object.
If you want to use certificates with the Microsoft Identity Platform:
- Go to the Azure App registration interface and upload your certificate; its thumbprint is then displayed under Certificates & secrets.
- With that thumbprint and the certificate's private key you can obtain your token:
var $params; $token : Object
var $oAuth : cs.NetKit.OAuth2Provider
var $privateKey : Text

// Private key of the certificate uploaded to Azure, in PEM format, stored in the Resources folder
$privateKey:=File("/RESOURCES/key.pem").getText("ascii"; Document unchanged)

If (Length($privateKey)>0)
	$params:=New object()
	$params.name:="Microsoft"
	// Only usable with permission:="Service"
	$params.permission:="Service"
	$params.clientId:="8008ebf5-xxx"
	$params.scope:="https://graph.microsoft.com/.default"
	$params.tenant:="16dc191b-xxx"
	// $myClientEmail is set elsewhere in your code
	$params.clientEmail:=$myClientEmail
	// Certificate private key (PEM text read above)
	$params.privateKey:=$privateKey
	// Thumbprint of the certificate / public key, copied from the Azure portal under Certificates & secrets
	$params.thumbprint:="A4CC91B864xxx"
	$oAuth:=cs.NetKit.OAuth2Provider.new($params)
	$token:=$oAuth.getToken()
End if
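The 4D code above hands the private key and the thumbprint to NetKit and never shows what they are used for. The following Go program is an added illustration, not NetKit or 4D code, of the certificate credential exchange that sits behind .privateKey and .thumbprint: the client builds a JWT whose "x5t" header carries the SHA-1 thumbprint of the certificate, signs it with the private key (RS256) and sends it as client_assertion per RFC 7523; the token endpoint looks up the registered certificate by that thumbprint and verifies the signature. The tenant and client ids are placeholders (the page only shows them truncated), and a throwaway self-signed certificate generated at run time stands in for key.pem and the certificate uploaded to Azure.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Placeholder ids; the page shows its own only truncated ("8008ebf5-xxx", "16dc191b-xxx").
const (
	tenantID = "TENANT-ID-PLACEHOLDER"
	clientID = "CLIENT-ID-PLACEHOLDER"
)

// Thumbprint is SHA-1 over the certificate's DER bytes: hex as the Azure portal shows it
// under "Certificates & secrets", base64url as it travels in the JWT "x5t" header.
func Thumbprint(der []byte) (hexForm, x5t string) {
	sum := sha1.Sum(der)
	return strings.ToUpper(hex.EncodeToString(sum[:])), base64.RawURLEncoding.EncodeToString(sum[:])
}

func b64JSON(v interface{}) string {
	raw, _ := json.Marshal(v) // plain maps of strings and ints always marshal
	return base64.RawURLEncoding.EncodeToString(raw)
}

// BuildClientAssertion creates the RS256-signed JWT sent as client_assertion (RFC 7523)
// instead of a client secret. Only the signature leaves the client, never the key.
func BuildClientAssertion(key *rsa.PrivateKey, der []byte, now time.Time) (string, error) {
	_, x5t := Thumbprint(der)
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	header := b64JSON(map[string]string{"alg": "RS256", "typ": "JWT", "x5t": x5t})
	payload := b64JSON(map[string]interface{}{
		"aud": "https://login.microsoftonline.com/" + tenantID + "/oauth2/v2.0/token",
		"iss": clientID, // the app (client) id is both issuer and subject
		"sub": clientID,
		"jti": hex.EncodeToString(jti), // unique id, so a captured assertion cannot be replayed
		"nbf": now.Unix(),
		"exp": now.Add(10 * time.Minute).Unix(), // short lifetime bounds the replay window
	})
	digest := sha256.Sum256([]byte(header + "." + payload))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return header + "." + payload + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyClientAssertion mirrors the token endpoint: the signature must verify with the public
// key of the registered certificate whose thumbprint matches x5t, the algorithm must be the
// expected one, and the assertion must not be expired. It returns the verified claims.
func VerifyClientAssertion(pub *rsa.PublicKey, der []byte, token string, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT")
	}
	sig, _ := base64.RawURLEncoding.DecodeString(parts[2]) // a malformed signature just fails below
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
		X5t string `json:"x5t"`
	}
	if raw, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, fmt.Errorf("bad header")
	}
	if _, want := Thumbprint(der); hdr.Alg != "RS256" || hdr.X5t != want {
		return nil, fmt.Errorf("header does not match the registered certificate")
	}
	claims := map[string]interface{}{}
	if raw, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, fmt.Errorf("bad payload")
	}
	if exp, ok := claims["exp"].(float64); !ok || now.Unix() > int64(exp) {
		return nil, fmt.Errorf("assertion expired")
	}
	return claims, nil
}

// DemoCertificate makes a throwaway key pair and self-signed certificate, standing in
// for key.pem and the certificate uploaded to the Azure app registration.
func DemoCertificate() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}
```

The verifier side is the part worth reading twice: the thumbprint is only a lookup key, the real proof is the RSA signature, and the check that "x5t" names the certificate whose public key was used prevents an assertion signed by some other key from being accepted. This is also why the arrangement is safer than a client secret: the token endpoint never holds anything that could be used to impersonate the client, and a leaked assertion is useless after its few-minute lifetime.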