Support for Client Secret #686
Assignees
Comments
ghost
added
the
|
We do not support client secrets due to security reasons such as; unintentionally adding a secret to a script and committing it to a public repo. This is also what MSAL recommends when it comes to production apps. I'd suggest you use a certificate instead. We also have plans to support managed identities which will resolve the security concerns with secrets and credentials. See our authentication roadmap here #142 (comment). |
|
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. |
|
Agree that other methods should be used, I don't have an issue with that approach! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
I can see that you have certificate based authentication allowed but is it possible to have the ability to use ClientSecret as part of the authentication methods - this is available when authenticating an app against Microsoft Graph normally so would be super handy for use in PowerShell
AB#9818
The text was updated successfully, but these errors were encountered: