I want to get an access token with a certificate.
I know the values of client_id, grant_type, and scope from my application.
But where can I find the values of assertion and client_assertion?
Do I need to get more tokens? I'm completely lost here.
Can anyone guide me with a working example?
CodePudding user response:
This is a sample. It can be summarized as:
1. Go to this URL to get an auth code:
   https://login.microsoftonline.com/tenant_id/oauth2/v2.0/authorize?client_id=aad_client_id&response_type=code&redirect_uri=http://localhost/myapp/&response_mode=query&scope=api://aad_client_id_which_exposed_api/permission_name&state=12345
2. Use the auth code to generate an access token by the auth code flow.
3. Use the access token to generate another access token by the OBO flow.
On behalf flow is used when an API wants to call another API. So at first you need to have a web API which is protected by AAD, so that it can receive an access token A. After having this token A, on behalf flow can generate a new token B from A, so A is the value for the parameter assertion.
Then using client id client secret and follow
You may also refer to this tutorial; it can help you understand the OBO flow.
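
The sketch below is an added example, not code from the original answer: it builds the OBO token request for the certificate case, where `client_assertion` is a JWT the app signs itself with the certificate's private key and `assertion` is token A. The function names, the `tenant_id` placeholder and the 10-minute lifetime are assumptions; signing uses the `cryptography` package.

```python
import base64, json, time, uuid

TENANT = "tenant_id"  # placeholder, as in the authorize URL above
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def rs256_signer(private_key_pem: bytes):
    """Return sign(bytes) -> bytes backed by the certificate's private key."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda msg: key.sign(msg, padding.PKCS1v15(), hashes.SHA256())

def build_client_assertion(client_id, cert_sha1_hex, sign, now=None):
    """client_assertion is created locally; it is not fetched from any endpoint."""
    now = int(now if now is not None else time.time())
    # x5t = base64url of the certificate's SHA-1 thumbprint (hex in the portal)
    header = {"alg": "RS256", "typ": "JWT",
              "x5t": b64url(bytes.fromhex(cert_sha1_hex))}
    # iss and sub are both the app's client_id; aud is the token endpoint
    claims = {"aud": TOKEN_URL, "iss": client_id, "sub": client_id,
              "jti": str(uuid.uuid4()), "nbf": now, "exp": now + 600}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))

def build_obo_form(client_id, scope, token_a, client_assertion):
    """Form body to POST to TOKEN_URL; token_a is the token the web API received."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": client_id,
        "scope": scope,
        "requested_token_use": "on_behalf_of",
        "assertion": token_a,  # token A from the answer above
        "client_assertion_type":
            "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": client_assertion,  # replaces client_secret
    }
```

Pass the result of `rs256_signer(pem_bytes)` as `sign`, then send the form as `application/x-www-form-urlencoded`; keep the private key out of source control and the assertion lifetime short.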