Retrieve access token from Microsoft Entra ID
This guide describes how to retrieve and store an application access token with a shared secret from Microsoft Entra ID. Access tokens are required to build integrations with Microsoft APIs like Microsoft Graph.
For more information about the configuration required on the Microsoft side, read about the client credentials flow in the Microsoft Documentation.
In Appfarm, this process requires setting up a service that updates a secret. The service can be configured to update the secret at regular intervals using schedules.
Example
An example service based on Microsoft SharePoint integration is available in our Showroom.
Step 1
Sign in to the Microsoft Azure portal using an account with administrator permission.
Step 2
Register an application.
Go to Microsoft Entra ID.
Click Add -> App registration.
In the Name field, enter a display name, for example appfarm.
Click Register.
Step 3
Generate and record credentials.
Go to Certificates & secrets.
Click New client secret.
Enter the required details and click Add.
Note down the generated client secret Value. This value is required later in this process.
Go to Overview.
Note down the Application (client) ID and Directory (tenant) ID values.
Step 4
You can now start configuring the integration in Appfarm Create. First, add the credentials gathered in step 3 as secrets.
In Appfarm Create, go to Secrets.
Click Create Secret.
In the Name field, enter a name for the client secret credential, for example Microsoft Client Secret.
In the Value field, enter the client secret you noted down in Step 3.
Click Create.
Repeat this process, adding the application (client) ID and directory (tenant) ID values as secrets.
Step 5
Create another secret to store the access token that will be used to authenticate individual requests to the Microsoft API.
Click Create Secret.
In the Name field, enter a name for the access token, for example Microsoft Access Token.
Click Create.
The value of this access token secret will be updated using a service.
Step 6
Create a service. You can also choose to use an existing service.
Go to Services.
Click New Service.
Enter a name for the service, for example Microsoft Entra ID.
Click Create Service.
The service is then created along with a default endpoint.
Step 7
Create a service variable. The service variable will be used to temporarily store a new access token before it is updated in the secret.
Go to Data using the top navigation.
Go to Service Variables.
Click Add Runtime Property.
In the Name field, enter a name for the service variable, for example Access Token.
Step 8
Create an action to retrieve an access token and update the secret.
Go to Actions using the top navigation.
Click Add Action.
Enter a name for the action, for example Get access token.
Add a Web request action node. The web request will request a new access token and store it in the service variable.
Configure the web request with the following properties:
URL
Select Function.
Add the directory (tenant) ID secret created in step 4 as a function param.
Enter the following code where tenantId must match the name of the function param you just added:
return `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`
Click OK.
Method
POST
Body Type
URL-encoded
Body Content
Click Add Form Data and add the following key-value pairs.
Key: grant_type, Value: client_credentials
Key: client_id, Value: Use the function editor to return the secret storing the application (client) ID created in step 4.
Key: client_secret, Value: Use the function editor to return the secret storing the client secret created in step 4.
Key: scope, Value: See the Microsoft documentation. For Microsoft Graph integration, you might set https://graph.microsoft.com/.default.
Response Type
JSON (default)
Result Mapping
Click Add Result Mapping.
For the Data Source property, select Service Variables.
Under Property Mapping, for the service variable created in step 7, enter access_token.
Add an If action node.
Configure the condition to check if the service variable created in step 7 has a value.
Add an Update secret action node inside the If action node you just added.
Step 9
Configure the service endpoint.
Go to Endpoints using the top navigation.
Click the default endpoint.
In the Name field, enter a new name for the endpoint, for example Get access token. When you set a name, the Readable ID field will be automatically populated.
In the Process Action field, select the action created in step 8.
You can now trigger this endpoint to refresh the access token. We recommend creating a schedule to call the endpoint and refresh the token automatically at a given interval.
The secret can then be used as the bearer token value for authentication when you make API calls using the web request action node.
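The request and response handling that step 8 configures, written out as an added JavaScript example (not Appfarm's own code and not part of the original guide). The function names, the 300-second refresh margin and all sample values are assumptions constructed for illustration; expires_in is the token lifetime in seconds that the token endpoint returns alongside access_token.

```javascript
// Added example; function names are hypothetical and are not Appfarm APIs.

// Build the request that the Web request node in step 8 sends.
function buildTokenRequest(tenantId, clientId, clientSecret, scope) {
  // Encode the tenant ID so a malformed value cannot change the URL path.
  const url = `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`;
  // URLSearchParams produces the URL-encoded body and escapes +, / and = in secrets.
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    scope,
  }).toString();
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  return { url, method: "POST", headers, body };
}

// Result mapping plus the If node: yield a token only when one is present.
function readTokenResponse(jsonText) {
  let data;
  try {
    data = JSON.parse(jsonText);
  } catch {
    return { ok: false, reason: "invalid JSON" };
  }
  if (!data || typeof data.access_token !== "string" || data.access_token === "") {
    // Error responses carry "error" instead of "access_token"; never store those.
    return { ok: false, reason: (data && data.error) || "no access_token" };
  }
  return { ok: true, accessToken: data.access_token, expiresIn: Number(data.expires_in) || 0 };
}

// Seconds to wait before the next refresh, leaving a margin (assumed: 300 s).
function refreshDelaySeconds(expiresIn, marginSeconds = 300) {
  return Math.max(0, expiresIn - marginSeconds);
}

// Constructed sample values, not real credentials or tokens.
const sampleRequest = buildTokenRequest(
  "00000000-0000-0000-0000-000000000000", "11111111-1111-1111-1111-111111111111",
  "s3cr3t+value/with=chars", "https://graph.microsoft.com/.default");
const sampleOk = readTokenResponse(
  '{"token_type":"Bearer","expires_in":3599,"access_token":"eyJ.constructed.token"}');
const sampleErr = readTokenResponse('{"error":"invalid_client"}');
// Log only non-secret fields; the request body contains the client secret.
console.log(sampleRequest.url, sampleOk.ok, sampleErr.reason, refreshDelaySeconds(sampleOk.expiresIn));
```

The schedule that calls the endpoint should fire at or before the delay returned by refreshDelaySeconds, so the stored bearer token is replaced before it expires.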