Until now, your app has had to hold a secret or certificate in its backend application for Azure AD.
If your app can collaborate tightly with an external identity (outside Azure AD), Federated Credentials in Azure AD can be used to mitigate these risks without holding sensitive Azure AD information.
Azure integration in GitHub Actions is one example of using Federated Credentials.
Run ION (Sidetree), Decentralized Identifier (DID) Network
In this post, I show you how the Sidetree DID network runs on decentralized technology stacks, using the ION implementation.
Verifiable Credentials : Decentralized Credential Flows
Microsoft has launched ION hosting (beta) on Bitcoin mainnet, and a new verifiable credentials service (private preview) on Azure Active Directory (Azure AD). In this post, I will summarize what verifiable credentials are and how they work.
This style of identity and credentials is very much like our physical world. I hope this future credential backed by decentralized technology will mitigate the impedance mismatch between the real world and the digital world.
A Walkthrough For Azure AD B2C Custom Policy (Identity Experience Framework)
For those who want to edit custom policies themselves, here we walk through the policy structure of an Azure AD B2C custom policy. By following this walkthrough, I hope you’ll get an intuitive sense of “where” and “what” each setting is in a B2C custom policy.
Note that this post assumes you have basic knowledge of Azure AD B2C (such as user flows with the standard UI, simple UX customization for branding, and so on) and of identity technologies such as OpenID or OAuth.
Walkthrough of Decentralized Identity (DID) Network
To get you started, this walkthrough introduces how a DID (decentralized identifier) network works, using a “test” network intended for hands-on experience and testing.
How to use custom scopes for admin consent in Entra ID
In this post I show you tips for using admin consent for the scopes of the Outlook REST API, 3rd party apps, or your own custom apps in the Azure AD v2 endpoint. (Using the UI, you can set scopes only for Microsoft Graph.)
Build your own Web API protected by Entra ID
In this post I show you how to build your own web API protected by the Azure AD v2 endpoint with custom scopes. You can learn several OAuth scenarios and ideas through this post.
Use Azure REST API without interactive Login UI (Service Principal in Azure)
This post describes how to access Azure resources with a certificate (without an interactive login UI). This flow can be used when you create a backend service (such as a daemon) that communicates with Azure resources.
Build Custom Connector on Power Automate and Power Apps with Authentication
The custom connector (API connector) enables you to connect your own web API (REST API) in Microsoft Flow (including SharePoint workflow) and PowerApps.
In this post I show you how to build and use the custom connector with API authentication.
Backend (Daemon) App calling API protected by Entra ID
Client credential authentication using application permissions is now supported in the Azure AD v2.0 endpoint. This post explains how it works for developers.