Thanks for the great demo. I just had one question. If I have a single page app or a native app and a backend API (django rest) completely independen of each other. In my case if my single page app/native apl wants to access certain data from backend API. And inorder to access the API, user should be logged in to the backend API. So what my approch is to make use of MSAL library to get the access token from the SPA/native app and then once token is acquired, pass that token to backend API, validate it, get the user info from graph api, if user is exists in the DB login the user and pass the required info. If user info doesn't exist then create the user, login and pass the info from API. So my question is when I pass the access token to backend api. How can we validate that the token which we passed to backend API is valid token or not? Is it just we need to make an API call to graph API? if it is able to get the user data then token is valid or if it fails then the token is invalid. Is it the general way to validate the token or some better approach is there? Please help
Useful video, but couldn't understand refresh token, how it can be revoked. How token lifetime policy will impact the flow If we have sign-in frequency under conditional access policy, will the access token expire at sign in frequency?
Hello conceptworks, Very good explanation of tokens, I just have a question: that is the default expiration for access token from Entra ID connect? What is the difference between refresh token and Primary Refresh Token PRT? Best regards,
@@ConceptsWork: Perfect.. thanks for your quick answer. love your videos. you way to explain is excellent. I will join again to the community you are very very good.
Hi, it was very informative. i have one doubt though. In my case i want to run some thread in background just to sync users data in our system and as we know access token expire in an hour and then we can use refresh token to get new access token. let me know how i can make sure that my refresh token never expire so that i can grab new access token always.
In my scenerio i can't ask user to authenticate him self every time and as we can't say when our refresh token will expire so this scenario can come anytime..
Is this token can be compromised? I know it is Base64 encoded. However, can it still be tampered if it travels down the wire? Is there any other security provisioned for this token on top of Base64 or Base64 is enough?
@@ConceptsWork due to of MFA when ever i try to hit Refresh token api it gives an error.After that if i try to authenticate the user with CrmServiceClient and authtype client secret it error me "unable to login to dynamics crmorganizationserviceproxy is null" i am in very bad situation please help me new to dynamics.
nemely.com/blog/connect-to-multi-factor-enabled-d365-cds-programmatically-online-9-1/ i used this to implement. and thier is another way to implement using username and password then it works fine but not with client secret. Please help me
This episode alone deserve to be your subscriber. The way you have explained it has answered my 3 year old questions.
10/10!
This is a great example and explanation of grant types!
7 +Years of outlook stalking solved under 15 minutes. Love you! You deserve lots of money and good loving. Wishing you the best!
Great bro. Thanks for a lot for realistic videos
You are great bro
Great explanation sir..
Thanks for liking
Thanks for the great demo. I just had one question. If I have a single page app or a native app and a backend API (django rest) completely independen of each other. In my case if my single page app/native apl wants to access certain data from backend API. And inorder to access the API, user should be logged in to the backend API.
So what my approch is to make use of MSAL library to get the access token from the SPA/native app and then once token is acquired, pass that token to backend API, validate it, get the user info from graph api, if user is exists in the DB login the user and pass the required info. If user info doesn't exist then create the user, login and pass the info from API.
So my question is when I pass the access token to backend api. How can we validate that the token which we passed to backend API is valid token or not?
Is it just we need to make an API call to graph API? if it is able to get the user data then token is valid or if it fails then the token is invalid.
Is it the general way to validate the token or some better approach is there? Please help
Hello Aashay, You can have a logic defined where the issuer id of the token is verified, every tenant will have a specific token issue id.
Useful video, but couldn't understand refresh token, how it can be revoked.
How token lifetime policy will impact the flow
If we have sign-in frequency under conditional access policy, will the access token expire at sign in frequency?
This video must be included in MS documentation.
Hello conceptworks,
Very good explanation of tokens, I just have a question:
that is the default expiration for access token from Entra ID connect?
What is the difference between refresh token and Primary Refresh Token PRT?
Best regards,
Refesh token is identity specific, however PRT is binded to each device.
@@ConceptsWork: Perfect.. thanks for your quick answer.
love your videos.
you way to explain is excellent.
I will join again to the community
you are very very good.
Thanks
Thanks for the explanation.....Could you please let me know ...how to ignore session_state while sending it token endpoint
Hi, it was very informative. i have one doubt though. In my case i want to run some thread in background just to sync users data in our system and as we know access token expire in an hour and then we can use refresh token to get new access token. let me know how i can make sure that my refresh token never expire so that i can grab new access token always.
In my scenerio i can't ask user to authenticate him self every time and as we can't say when our refresh token will expire so this scenario can come anytime..
Is Refresh token an application or user specific? can a refresh token be used to request access token for different application?
is app specific..
How to encrypt the id token in azure ad/entra?
Is this token can be compromised? I know it is Base64 encoded. However, can it still be tampered if it travels down the wire? Is there any other security provisioned for this token on top of Base64 or Base64 is enough?
Is we get the refresh token in initial request itself via powershell instead of postman? Please advice on this
How to generate an authorization code? Also can you please explain how i can use access token in the header instead of authorization token
What if we use SAML instead of OpenID?
Hello Sir, please make a video on Exchange Hybrid mail flow
Great Video I want small help is it possible to add the payload in refresh token also like expiration time and all?
No customization of refresh token is not possible.
Can you demo how to configure Azure AD tokens with Nginx. Would be helpful
if you have anything very specific, reach out to me at learnconceptswork@gmail.com
Hello, if i want to write an app that retrieves new mail in a mailbox without user interactions will application only token work in this case ?
Yes that can be done, you have to access message endpoint.
How to get new token using refresh token using postmen
what is the liftime of these tokens?
docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes
hello sir ,
can u please guide me i have MFA implemented and with that how can we use lifetime access token. please reply me .
You can't implement lifetime access as there is token lifetime associated with each token.
Alternative, build access token and refresh token model.
@@ConceptsWork due to of MFA when ever i try to hit Refresh token api it gives an error.After that if i try to authenticate the user with CrmServiceClient and authtype client secret it error me "unable to login to dynamics crmorganizationserviceproxy is null" i am in very bad situation please help me new to dynamics.
nemely.com/blog/connect-to-multi-factor-enabled-d365-cds-programmatically-online-9-1/
i used this to implement. and thier is another way to implement using username and password then it works fine but not with client secret. Please help me
@@ConceptsWork Hope u reply me soon.
reach out to me at learnconceptswork@gmail.com
Please upload the scripts..
It's there in the description section of this video.