Creating a ConfidentialClientApplication instance
The first step is preparing for authentication. To do this, we'll use the ConfidentialClientApplication class of the MSAL SDK. More information about this can be found here, but in short, a confidential client application simply means you "trust" where the application is running and you have the option to safely store credentials for that application. In the case of a Windows service or Linux daemon, this should be the case (otherwise, your server has been compromised). We use the fluent builder to create this object.
Some important remarks / things I figured out from different sources (MSDN, SO, ...):
- In general, you'll find the URL to use is with the "common" part in it, like in my commented lines. This didn't work for me and resulted in an Authorization_IdentityNotFound exception when calling MS Graph. The solution is to replace the common part of the URL with the tenant ID of your registered application (see above).
- Admittedly, it might be better to have the whole URL from the configuration.
- Keep your application object alive! If you read the documentation, you'll find out that tokens are cached. For other types of applications you have to cache tokens yourself, but, for a confidential client application with fixed client credentials, the application object itself will cache the token.
When the application object is built, you can call the acquireToken functions to get a new access token. However, in our scenario we do this later on in the application.
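The remarks above, pulled together in an added example that is not the original post's code. It assumes MSAL.NET (the Microsoft.Identity.Client package); the class name, the environment variable names and the GUID check on the tenant ID are hypothetical choices made for this sketch.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example: GraphTokenProvider and the environment variable names are hypothetical.
public sealed class GraphTokenProvider
{
    // Client-credential requests use the resource's ".default" scope.
    private static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };

    // Built once and kept for the lifetime of the service:
    // the application object holds the app-token cache.
    private readonly IConfidentialClientApplication _app;

    public GraphTokenProvider(string tenantId, string clientId, string clientSecret)
    {
        // There is no signed-in user to resolve a tenant from, so the authority
        // must name the tenant. Assumption: the tenant is given as its GUID.
        if (!Guid.TryParse(tenantId, out _))
            throw new ArgumentException("Use the tenant ID, not 'common'.", nameof(tenantId));

        _app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}"))
            .Build();
    }

    public async Task<string> GetAccessTokenAsync()
    {
        // MSAL.NET consults the application's cache before calling the token endpoint.
        AuthenticationResult result = await _app.AcquireTokenForClient(Scopes).ExecuteAsync();
        // Log where the token came from and its expiry, never the token itself.
        Console.WriteLine($"source={result.AuthenticationResultMetadata.TokenSource} expires={result.ExpiresOn:u}");
        return result.AccessToken;
    }
}

public static class Program
{
    public static async Task Main()
    {
        // The secret comes from the environment, not from source code.
        var provider = new GraphTokenProvider(
            Environment.GetEnvironmentVariable("AZURE_TENANT_ID"),
            Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"),
            Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET"));
        await provider.GetAccessTokenAsync();
        await provider.GetAccessTokenAsync(); // same provider instance, so the cached token can be reused
    }
}
```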