emliunix commented on PR #5733: URL: https://github.com/apache/opendal/pull/5733#issuecomment-2729613015
@erickguan I tested client_secret and in short, it works fine. Also I'd like to record my findings:

## How I obtain the refresh token

1. Create an application: Microsoft Entra Admin Center -> Applications -> App Registrations
2. In the application -> Authentication, add the platform config of your choice
3. In the application -> manifest, make sure `"signInAudience": "AzureADandPersonalMicrosoftAccount",` is set; this makes the client_id work with API calls with the `/common` path segment
4. Follow the code grant flow or other flows (the minimum scopes are `offline_access Files.ReadWrite`). Make sure the access token represents a user, because it's accessing the user's OneDrive by requesting with "/me/drive" in the URL path

## client_secret consideration

Microsoft [classifies](https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-applications) applications into either Public Client or Confidential Client, and that's determined by the platform you choose in step 2 above.

And what it means is that:

* for Public Client, auth/token_refresh with client_secret will be rejected.
* for Confidential Client, auth/token_refresh without client_secret will be rejected.
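Added example, not part of the comment above and not OpenDAL's code: a std-only Rust sketch that builds the refresh-token form body so that `client_secret` is sent only for a Confidential Client, and masks the secrets before anything is logged. The token endpoint URL, the `ClientKind` type and the function names are assumptions of this example; the scopes and the `/common` segment come from the comment.

```rust
// Added example (hypothetical names). Assumed v2.0 token endpoint with `/common`.
pub const TOKEN_URL: &str = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
pub const SCOPES: &str = "offline_access Files.ReadWrite"; // minimum scopes per the comment

pub enum ClientKind<'a> {
    Public,                                  // must NOT send client_secret
    Confidential { client_secret: &'a str }, // must send client_secret
}

// application/x-www-form-urlencoded encoding of one value.
fn form_encode(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'_' | b'.' | b'*' => out.push(b as char),
            b' ' => out.push('+'),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

// Build the POST body for grant_type=refresh_token according to the client type.
pub fn refresh_body(client_id: &str, refresh_token: &str, kind: &ClientKind<'_>) -> Result<String, String> {
    if client_id.is_empty() || refresh_token.is_empty() {
        return Err("client_id and refresh_token are required".into());
    }
    let mut fields = vec![("grant_type", "refresh_token"), ("client_id", client_id),
                          ("refresh_token", refresh_token), ("scope", SCOPES)];
    if let ClientKind::Confidential { client_secret } = kind {
        if client_secret.is_empty() {
            return Err("confidential client needs a non-empty client_secret".into());
        }
        fields.push(("client_secret", *client_secret));
    }
    Ok(fields.iter().map(|(k, v)| format!("{}={}", k, form_encode(v))).collect::<Vec<_>>().join("&"))
}

// Mask credential values so the body can be written to logs safely.
pub fn redact(body: &str) -> String {
    body.split('&').map(|pair| match pair.split_once('=') {
        Some((k, _)) if k == "refresh_token" || k == "client_secret" => format!("{}=<redacted>", k),
        _ => pair.to_string(),
    }).collect::<Vec<_>>().join("&")
}

fn main() {
    // Constructed sample values, not real credentials.
    let body = refresh_body("app-id", "rt", &ClientKind::Confidential { client_secret: "s" }).unwrap();
    println!("POST {}\n{}", TOKEN_URL, redact(&body));
}
```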
