Thanks for the great demo. I just had one question. I have a single page app or a native app and a backend API (Django REST), completely independent of each other. In my case, my single page app/native app wants to access certain data from the backend API, and in order to access the API, the user should be logged in to the backend API. So my approach is to make use of the MSAL library to get the access token from the SPA/native app and then, once the token is acquired, pass that token to the backend API, validate it, and get the user info from the Graph API; if the user exists in the DB, log the user in and pass the required info. If the user info doesn't exist, then create the user, log in and pass the info from the API. So my question is: when I pass the access token to the backend API, how can we validate whether the token which we passed to the backend API is a valid token or not? Is it just that we need to make an API call to the Graph API, and if it is able to get the user data then the token is valid, or if it fails then the token is invalid? Is that the general way to validate the token, or is there some better approach? Please help
Useful video, but I couldn't understand the refresh token and how it can be revoked. How will the token lifetime policy impact the flow? If we have sign-in frequency under a conditional access policy, will the access token expire at the sign-in frequency?
Hello conceptworks, Very good explanation of tokens. I just have a question: what is the default expiration for an access token from Entra ID connect? What is the difference between a refresh token and a Primary Refresh Token (PRT)? Best regards,
@ConceptsWork: Perfect, thanks for your quick answer. Love your videos. Your way of explaining is excellent. I will join the community again. You are very, very good.
Hi, it was very informative. I have one doubt though. In my case I want to run a thread in the background just to sync users' data in our system, and as we know, access tokens expire in an hour and then we can use the refresh token to get a new access token. Let me know how I can make sure that my refresh token never expires so that I can always grab a new access token.
In my scenario I can't ask the user to authenticate himself every time, and as we can't say when our refresh token will expire, this scenario can come up anytime.
Can this token be compromised? I know it is Base64 encoded. However, can it still be tampered with if it travels down the wire? Is there any other security provisioned for this token on top of Base64, or is Base64 enough?
@ConceptsWork Due to MFA, whenever I try to hit the refresh token API it gives an error. After that, if I try to authenticate the user with CrmServiceClient and authtype client secret, it gives me the error "unable to login to dynamics crmorganizationserviceproxy is null". I am in a very bad situation, please help me, I am new to Dynamics.
nemely.com/blog/connect-to-multi-factor-enabled-d365-cds-programmatically-online-9-1/ I used this to implement it. There is another way to implement it using username and password, and then it works fine, but not with client secret. Please help me