Register application in Azure portal – Part II

I hope you must have enjoyed our last article about create an application in Azure portal. In this article, we will see How to Register application in Azure portal .

Generate client secret for your app

Generating client secret for your app
Follow previous article steps and navigate to your application in the Azure portal

Follow these steps to generate client secret for your application

1. Select Certificates & secrets.
2. Select Client secrets -> New client secret.
3. Provide a description of the secret and a duration. When done, select Add.After saving the client secret, the value of the client secret is displayed. Copy this value because you won’t be able to retrieve the key later. You will provide the key value with the application ID to sign in as the application. Store the key-value where your application can retrieve it.

Granting admin consent to your app permissions

There are two ways you can get admin consent to your app permissions.

First simple way is to let your admin know the you are using the app permission and request him to log in to his admin portal and open your app. Then admin can see that for some permission he needs to provide the consent.

so if all permissions are good enough to grant consent he can click on grant consent option through UI only.

The second way is little complicated one this approach uses the consent API endpoint to get the consent from admin.

When you’re ready to request permissions from your organization’s admin, you can redirect the user to the Microsoft identity platform admin consent endpoint.

// Line breaks are for legibility only.
  GET https://login.microsoftonline.com/{tenant}/v2.0/adminconsent?
  client_id=6731de76-14a6-49ae-97bc-6eba6914391e
  &state=12345
  &redirect_uri=http://localhost/myapp/permissions
  &scope=
  https://graph.microsoft.com/calendars.read 
  https://graph.microsoft.com/mail.send

Parameter	Condition	Description
tenant	Required	The directory tenant that you want to request permission from. Can be provided in GUID or friendly name format OR generically referenced with organizations.
client_id	Required	The Application (client) ID that we generated earlier
redirect_uri	Required	The redirect URI where you want the response to be sent for your app to handle.
state	Recommended	A value included in the request that will also be returned in the token response. It can be a string of any content you want.
scope	Required	Defines the set of permissions being requested by the application. This can be either static (using /.default) or dynamic scopes.

At this point, Azure AD requires a tenant administrator to sign in to complete the request. The administrator is asked to approve all the permissions that you have requested in the scope parameter.

If you’ve used a static (/.default) value, it will function like the v1.0 admin consent endpoint and request consent for all scopes found in the required permissions for the app.

After you’ve received a successful response from the admin consent endpoint, your app has gained the permissions it requested.

Hope you learned that How to Register application in Azure portal in this tutorial. Please visit https://www.sharepointgems.com/ for more exiting tutorials.