Prerequisites for Modern Authentication Flows by Microsoft

Following are the required prerequisites for modern authentication flows provided by Microsoft which will be used in OAuth activity:

Requirements

Description

Authentication Details

Based upon the authentication flow configured for the application, the user must have the below authentication details –

User ID
Password
Client ID
Tenant ID
Redirect URL / Callback URL

Client Secret Value

NOTE:

Client Secret Value expires after a certain period and is visible only for one time. Ensure to copy and keep it handy.

Certificates and Federated credentials are not yet supported.

Based on the authentication flow used, usage of above authentication details may vary. For Example, Client Credential Flow needs only the Client ID, Tenant ID & Client Secret.

MFA Enabled Accounts

For MFA enabled accounts, the user must have the MFA secret key obtained from the respective application. The secret key can be obtained during the setup of any Authenticator App such as Google Authenticator or Microsoft Authenticator.

Types of Tokens

Access token

Access tokens enable users to securely call the Application APIs for performing various application related operations.

Validity – 1 hr.
Refresh Token

When a user acquires an access token to access a protected resource, the user also receives a refresh token for few authentication flows such as Authorization Code, Authorization Code with PKCE & ROPC Flow. The refresh token is used to obtain new access token when the current access token expires.

Validity (Mobility and Desktop) – 90 days
Validity (Single Page Application) – 1 day

URL Information

URL Recommended for Redirect URL -

Suggested by Microsoft –
https://login.microsoftonline.com/common/oauth2/nativeclient
https://login.live.com/oauth20_desktop.srf
msal{client-id}://auth
URL Recommended for Authorize URL and Access Token URL
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

Configure Office 365 application

To configure a Office365 application:

In the Admin menu, click the (Add Application) icon in the Application pane to add an application. The Add Application dialog box appears.
In the Application Type list, select Office365.
In the Application Name field, enter a desired name for the application you want to add. The name must not contain any special character or space.
Click ADD. A message for the successful addition of the application is displayed.
Close the displayed message and enter the required details in the Application Properties panel.
- In the Service Url, specify the Service URL of the Graph API to be used. For example, https://graph.microsoft.com/v1.0
- Select the SignIn checkbox.
- In the DisplayName, enter the name of application.
- In the Modern Auth Type list, select the preferred auth grant type flow as per the Modern Authentication you want to run.
- For example, if you are creating process which uses Authorization Code Authentication flow, then ensure to select OAuthAuthorizeFlow from the available options.
Click Save.

You can see the added Office 365 application in the Application Tab.