12

I am developing an Outlook plugin. I want to use OneDrive APIs in it. I easily got the client ID and client secret for using the APIs for OneDrive personal accounts. But when I registered my application for the OneDrive business APIs in Azure Active Directory, it created only a client ID for me, but didn't create any client secret. I chose native app while registering, as my app is a native app. I can't authenticate the user without the client secret. Please let me know how to get the client secret. Thanks in advance.

V K

3 Answers

9

Create Application and click on keys. Add some description and expiry as required and click Save. The key will be auto-generated. Make sure you copy and save the key, else it will be hidden.


Kurkula
  • 3
    Something's wrong with the image refs? When I click on the 2nd one I get the 1st, when I click on the 4th one I get the 3rd...? – bytedev Mar 13 '18 at 15:35
  • One additional note: this requires the AAD app to be registered as "Web API/APP". For "Native Client" AAD app, there's no such option. – Robert Dec 13 '18 at 04:36
  • 1
    At time of writing this comment (28-Jun-19), it appears that Native apps can now have Secrets .. – Chris Hammond Jun 27 '19 at 07:51
8

Native clients don't have any secrets associated to them - given that they are meant to run on devices, it is assumed that they would not be able to protect a secret. Native clients use the clientID for indicating the client app, but the authentication is always done by involving a user identity in the process. If you pick any of the native client samples in http://github.com/azureadsamples you will see how the clientid is enough to trigger user auth.

vibronet
  • But the OneDrive API documentation says that I have to pass the client secret in order to get an access token. – V K Sep 17 '15 at 11:32
  • That flow refers to web sites performing calls. Web sites can protect keys and can act autonomously even after the user is no longer present. You should be able to follow the same instructions for provisioning apps applied for native clients, omitting the client secret. – vibronet Sep 18 '15 at 07:13
  • Thanks for the help, I'll try it and post the results. – V K Sep 18 '15 at 14:08
  • I tried not sending the client secret in the HTTP web request. It worked in step 2 shown in the link. But in step 4, it is giving a bad request (400) error. And when I send a random string as a client secret, it is giving an unauthorized error (401). What should I do? – V K Sep 24 '15 at 09:05
  • Sending a secret will not help, given what we discussed so far... Especially a random string :) I will point his thread to the one drive guys. – vibronet Sep 24 '15 at 15:17
  • The problem is solved. I don't need to pass the client secret at all. The problem is with the example of step 4 on this link (https://dev.onedrive.com/auth/aad_oauth.htm); the OneDrive guys have written: `POST https://login.windows.net/common/oauth2/token Content-Type: application/x-www-form-urlencoded client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret} &refresh_token={refresh_token}&grant_type=refresh_token&resource={resource_id}` There is a correction to the above example: instead of writing "resource={resource_id}", it should be "resource_id={resource_id}". – V K Sep 28 '15 at 07:17
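
The point this answer and its comments arrive at, that a native client's token request carries the client ID but no client secret, written as a check over a form-encoded request body. This is an added example, not code from the thread or from Microsoft; the function name `native_token_body`, the list of confidential-client parameters and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Credentials only a confidential client (web app / web API) can keep private.
CONFIDENTIAL_ONLY = {"client_secret", "client_assertion", "client_assertion_type"}


def native_token_body(body):
    """Return (cleaned_body, findings) for a native client's token request.

    `body` is an application/x-www-form-urlencoded string. Confidential-client
    credentials are dropped; every other parameter passes through unchanged.
    """
    findings, kept = [], []
    for name, value in parse_qsl(body, keep_blank_values=True):
        name, value = name.strip(), value.strip()
        if name in CONFIDENTIAL_ONLY:
            findings.append(f"{name}: removed, a native client cannot protect it")
        elif not value or (value.startswith("{") and value.endswith("}")):
            findings.append(f"{name}: placeholder or empty value left in request")
            kept.append((name, value))
        else:
            kept.append((name, value))
    params = dict(kept)
    if "client_id" not in params:
        findings.append("client_id: missing, it is what identifies the native app")
    if params.get("grant_type") == "refresh_token" and "refresh_token" not in params:
        findings.append("refresh_token: missing for grant_type=refresh_token")
    return urlencode(kept), findings


# Constructed sample: a refresh request copied from web-app instructions,
# still carrying a secret and an unfilled placeholder. All values are made up.
SAMPLE = (
    "client_id=11111111-2222-3333-4444-555555555555"
    "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob"
    "&client_secret=not-a-real-secret"
    "&refresh_token={refresh_token}"
    "&grant_type=refresh_token"
)

if __name__ == "__main__":
    cleaned, notes = native_token_body(SAMPLE)
    print(cleaned)
    for note in notes:
        print("-", note)
```
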
3

Once you move off the page after saving your information, you cannot get the client secret from the Azure website. You need to create a new secret and when you click save, immediately go and copy the secret and store it securely. This is the only time it is available from the Azure website.

Rich Ross
  • 1
    Rich, you are absolutely correct in general - but in this case VK won't be able to even add a secret to begin with given the nature of his app – vibronet Sep 16 '15 at 16:53
  • 3
    This entire OneDrive for Business API is so damn confusing. "One to rule them all" my ass. The official documentation and provided samples do not cover anything related to usage within native applications. Some links at MSDN and on dev.onedrive.com are contradictory, at least in how they link these; maybe they work for different things, but it's not obvious. And the only way to skip (somehow) user interaction is to automate the entire login with Selenium or to use some other UI automation, which makes this API completely useless since you can't even start using it without user interaction. – ShP Feb 24 '16 at 15:25
  • Agree with ShP. If anyone else is looking for the ClientSecret - it is the value that you input for a key for the Azure AD application (in the Key blade). – Rahatur Mar 21 '19 at 09:46