Example of retrieving a token using an Entra App with a Cert

Hi!

Many Authentication providers are no longer allowing Apps to register with a client Secret. Well, specifically I found I could not create an App with a client secret in Microsoft Azure Entra (Previously Azure AD).

This really complicates the login and token retrieval process.

For instance, previously I had a collection in Postman for all of my Azure related things and I configured ‘Authorization’ for the whole collection with ‘OAuth Type’.

This called for me filling out the client ID and client Secret fields…which are not possible if your OAuth app only has a certificate.

Does anyone have a working example of how to Authenticate when your app only has a certificate registered in Azure AD?

What grant type are you using and can you share a screenshot of the Azure app registration screen?

I’ve just been looking at the Microsoft docs (as I had to look something else up for myself).

Looking at the Client Credentials flow, but it could apply to other grant types.

OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft identity platform | Microsoft Learn

Microsoft now support an “access token request with a certificate”.

The main difference being that the client_secret parameter is replaced by the client_assertion_type and client_assertion parameters.

Looking through the Postman Authorization helpers, I’m not sure they support this type of flow yet.

This sounds like it's related to this topic.

AuthType OAuth2.0 Client Secret is always required - Help - Postman Community
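The certificate-based request described above (client_assertion_type and client_assertion in place of client_secret), as an added example that is not code from the thread, Postman or Microsoft. The tenant ID, client ID and certificate bytes are constructed placeholders, and `sign` is assumed to be any callable that returns an RS256 signature over bytes (for instance the private key's `sign(data, PKCS1v15(), SHA256())` from the `cryptography` package).

```python
# Added example: build the signed JWT Entra accepts as `client_assertion` and the form
# body that replaces `client_secret`; `sign` is an assumed RS256 signing callable.
import base64
import hashlib
import json
import time
import uuid

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def token_endpoint(tenant_id: str) -> str:
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"

def build_client_assertion(tenant_id, client_id, cert_der, sign, now=None, ttl=600):
    """JWT proving possession of the registered certificate's private key.
    x5t = base64url(SHA-1 of the DER cert) tells Entra which public key to verify with;
    aud must be the token endpoint; iss/sub are the app (client) ID; lifetime stays short."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "x5t": b64url(hashlib.sha1(cert_der).digest())}
    claims = {"aud": token_endpoint(tenant_id), "iss": client_id, "sub": client_id,
              "jti": str(uuid.uuid4()), "nbf": now, "exp": now + ttl}  # jti: unique per request
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    return signing_input + "." + b64url(sign(signing_input.encode()))

def token_request_body(client_id, assertion, scope="https://graph.microsoft.com/.default"):
    """POST form fields for the token endpoint; there is no client_secret field at all."""
    return {"grant_type": "client_credentials", "client_id": client_id, "scope": scope,
            "client_assertion_type": ASSERTION_TYPE, "client_assertion": assertion}

def decode_assertion(jwt):
    """Split a JWT into (header, claims, signature) without verifying it."""
    h, c, s = jwt.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(c)), b64url_decode(s)
```

A new assertion should be built for every token request rather than reused, since `jti` and `exp` are what let the token endpoint reject replayed assertions.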