Using PowerShell to configure a signing certificate for a SAML-based SSO Enterprise Application

In my last blog post I talked about how to use PowerShell to instantiate an MSAL Confidential Client Application to acquire an access token using Client Credentials Grant flow. In this post we will use PowerShell to instantiate an MSAL Public Client Application to perform an Authorization Code Grant flow to obtain a delegated permission Access Token for Microsoft Graph. We will then use that access token to call Microsoft…

Read More

Why /memberOf Microsoft Graph API returning null fields for some attributes.

What do below API calls do? https://graph.microsoft.com/v1.0/me/memberOf https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/memberOf These API calls gives us the list of groups and directory roles that the user is a direct member of. API Call: GET JSON response: {     “@odata.context”: “https://graph.microsoft.com/v1.0/$metadata#directoryObjects”,     “value”: [         {             “@odata.type”: “#microsoft.graph.group”,             “id”: “b0a133d4-3f3d-4990-be22-879151155f19”,             “deletedDateTime”: null,             “classification”: null,             “createdDateTime”: null,             “creationOptions”: [],             “description”: null,             “displayName”: null,             “expirationDateTime”: null,             “groupTypes”: [],             “isAssignableToRole”: null,             “mail”: null,             “mailEnabled”: null,             “mailNickname”: null,             “membershipRule”: null,             “membershipRuleProcessingState”: null,         } } What is the reason behind seeing null values? When we make a call…

Read More

Performing Azure AD OAuth2 Authorization Code Grant flow with PKCE in PostMan

Proof Key for Code Exchange (PKCE) is a mechanism, typically used together with an OAuth2 Authorization Code Grant flow to provide an enhanced level of security when authenticating to an Identity Provider (IDP) to get an access token. In fact for Single Page Applications (SPA), Authorization Code Grant flow with PKCE is now the recommended OAuth2 authentication protocol over its predecessor, the Implicit Grant flow, for acquiring an access token.…

Read More