AuthorizationCodeCredential doesn't use client secret

[chlowell]

No description provided.

[xiangyan99]

@chlowell could you provide more information? :)

[chlowell]

AuthorizationCodeCredential has a client_secret kwarg but doesn't use its value. That makes it impossible for a confidential application, i.e. a web app, to use the credential. Fixing this is a low priority because the credential is unpopular. I wouldn't be surprised if no one uses it. It requires an application to acquire its own authorization code, presumably from some other library because azure-identity doesn't offer an API for that, and the credential instance is locked to the user it authenticates. I expect that's why we've had this issue open for a couple years without a +1 or a comment from an affected user (nor have I seen this problem mentioned elsewhere).

[ortonomy]

+1

[dyn4mic]

@chlowell Whats the alternative to authenticate for Confidential applications with a link to a user?
i found a way to authenticate with msal but no way to pass this to GraphServiceClient.

[chlowell]

It depends on the details of your scenario. Does your app run on a server or on client machines, and does it need to access resources owned by users?

[dyn4mic]

yes the app runs on a server, and it needs access to resources owned(own onedrive) and bound to user(group share, user is part of the group)

[chlowell]

That sounds like a case for the on-behalf-of flow (documented here), which azure-identity supports with OnBehalfOfCredential.

[charantejmandali18]

Hi @chlowell i am also facing the same issue, but in my flow i am using AuthorizationCodeCredntial where the user logs in to the created application by giving consent, i get a auth_cde too the call back url, and i have to generate the access_token, i am able to generate the access token using msal , but not able to pass it to GraphServiceClient

[charantejmandali18]

Also i feel this needs a fix, otherwise there is no sense of AuthorizationCodeCredential Flow

[github-actions]

Hi @chlowell, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.