Exam MS-600 topic 1 question 6 discussion

Actual exam question from Microsoft's MS-600
Question #: 6
Topic #: 1

HOTSPOT -
You are developing an application that will run as an overnight background service on a server. The service will access web-hosted resources by using the application's identity and the OAuth 2.0 client credentials grant flow.
You register the application and grant permissions. The tenant administrator grants admin consent to the application.
You need to get the access token from Azure Active Directory (Azure AD).
Which URI should you use for the POST request? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
Oauth2 client_id client_secret -
The authorization code flow begins with the client directing the user to the /authorize endpoint.

Box 1: token -
Use the authorization code to request an access token.
Now that you've acquired an authorization code and have been granted permission by the user, you can redeem the code for an access token to the desired resource, by sending a POST request to the /token endpoint:

Box 2: authorization_code -
Use the authorization code to request an access token.
Example:
// Line breaks for legibility only
POST /{tenant}/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
...etc.
Note: At a high level, the entire authorization flow for an application looks a bit like this:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

Comments

dan234
Highly Voted 2 years, 3 months ago
The grant type should be client_credentials as this is the authentication flow in question.
POST /{tenant}/oauth2/v2.0/token HTTP/1.1 //Line breaks for clarity
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=qWgdYAmab0YSkuL1qKv5bPX
&grant_type=client_credentials
upvoted 28 times
PanKok
1 year, 10 months ago
https://docs.microsoft.com/en-us/graph/auth-v2-service#token-request
upvoted 1 times
PanKok
1 year, 10 months ago
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
upvoted 2 times
RandomRubbish
Most Recent 8 months, 3 weeks ago
A: token
B: client_credentials
Spec says the grant type must be client_credentials, the answer is wrong.
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
upvoted 3 times
AzureExpertwannabe
10 months, 2 weeks ago
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
POST /{tenant}/oauth2/v2.0/token HTTP/1.1 //Line breaks for clarity
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=sampleCredentia1s
&grant_type=client_credentials
Correct answer for section 2 is = client_credentials
upvoted 2 times
wfrf92
1 year, 1 month ago
First case: Access token request with a shared secret
POST /{tenant}/oauth2/v2.0/token HTTP/1.1 //Line breaks for clarity
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=sampleCredentia1s
&grant_type=client_credentials
upvoted 2 times
dactivo
1 year, 4 months ago
It's client_credentials, because it's an app; for delegated it would be authorization_code. If you find the Postman project with all the Graph calls, the application section uses this URL with client_credentials. So double checked.
upvoted 2 times
DJbraboz
10 months, 2 weeks ago
Smart check
upvoted 1 times
EmmaBovary
1 year, 8 months ago
Documentation about getting access without a user confirms client_credentials: https://docs.microsoft.com/en-us/graph/auth-v2-service
upvoted 3 times
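
The client credentials token request quoted in the comments above, as an added example (not part of the original thread and not Microsoft's code): it builds the POST to the v2.0 /token endpoint without sending it, keeps the secret in the form body rather than the URL, and masks it before logging. The function names, the tenant check and the sample values are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

AUTHORITY = "https://login.microsoftonline.com"
# Assumed check: tenant is a GUID or domain name, so it cannot alter the URL path.
_TENANT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$")


def build_token_request(tenant, client_id, client_secret,
                        scope="https://graph.microsoft.com/.default"):
    """Build (without sending) the client credentials POST to the v2.0 /token endpoint."""
    if not _TENANT_RE.match(tenant):
        raise ValueError("tenant must be a GUID or domain name")
    if not client_secret:
        raise ValueError("client secret is empty")
    form = {
        "client_id": client_id,
        "scope": scope,                   # <resource>/.default, as in the quoted request
        "client_secret": client_secret,   # form body only, never the query string
        "grant_type": "client_credentials",
    }
    return Request(
        f"{AUTHORITY}/{tenant}/oauth2/v2.0/token",
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def redacted_form(req):
    """Return the form fields with the secret masked, safe to write to a log."""
    fields = {k: v[0] for k, v in parse_qs(req.data.decode("ascii")).items()}
    fields["client_secret"] = "***"
    return fields


if __name__ == "__main__":
    # Constructed sample values; a real service reads the secret from a vault
    # or the environment instead of source code.
    req = build_token_request(
        "contoso.onmicrosoft.com",
        "00000000-0000-0000-0000-000000000000",
        os.environ.get("CLIENT_SECRET", "constructed-sample-secret"),
    )
    print(req.get_method(), req.full_url)
    print(redacted_form(req))
```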