Retrieve access token from Microsoft Entra ID
Last updated
Was this helpful?
Last updated
Was this helpful?
This guide describes how to retrieve and store an application access token with a shared secret from Microsoft Entra ID. Access tokens are required to build integrations with Microsoft APIs like Microsoft Graph.
For more information about the configuration required on the Microsoft side, read about the in the Microsoft Documentation.
In Appfarm, this process requires setting up a that updates a . The service can be configured to update the secret at regular intervals using .
Sign in to the Microsoft Azure using an account with administrator permission.
Register an application.
Go to Microsoft Entra ID.
Click Add -> App registration.
In the Name field, enter a display name, for example appfarm.
Click Register.
Generate and record credentials.
Go to Certificates & secrets.
Click New client secret.
Enter the required details and click Add.
Note down the generated client secret Value. This value is required later in this process.
Go to Overview.
Note down the Application (client) ID and Directory (tenant) ID values.
Click Create Secret.
In the Name field, enter a name for the client secret credential, for example Microsoft Client Secret.
In the Value field, enter the client secret you noted down in Step 3.
Click Create.
Repeat this process, adding the application (client) ID and directory (tenant) ID values as secrets.
Create another secret to store the access token that will be used to authenticate individual requests to the Microsoft API.
Click Create Secret.
In the Name field, enter a name for the access token, for example Microsoft Access Token.
Click Create.
The value of this access token secret will be updated using a service.
Go to Services.
Click New Service.
Enter a name for the service, for example Microsoft Entra ID.
Click Create Service.
The service is then created along with a default endpoint.
Create a service variable. The service variable will be used to temporarily store a new access token before it is updated in the secret.
Go to Data using the top navigation.
Go to Service Variables.
Click Add Runtime Property.
In the Name field, enter a name for the service variable, for example Access Token.
Create an action to retrieve an access token and update the secret.
Go to Actions using the top navigation.
Click Add Action.
Enter a name for the action, for example Get access token.
Configure the web request with the following properties:
URL
Select Function.
Add the directory (tenant) ID secret created in step 4 as a function param.
Click OK.
Method
POST
Body Type
URL-encoded
Body Content
Click Add Form Data and add the following key-value pairs.
Key: grant_type, Value: client_credentials
Key: client_id, Value: Use the function editor to return the secret storing the application (client) ID created in step 4.
Key: client_secret, Value: Use the function editor to return the secret storing the client secret created in step 4.
Response Type
JSON (default)
Result Mapping
Click Add Result Mapping.
For the Data Source property, select Service Variables.
Under Property Mapping, for the service variable created in step 7, enter access_token.
Go to Endpoints using the top navigation.
Click the default endpoint.
In the Name field, enter a new name for the endpoint, for example Get access token. When you set a name, the Readable ID field will be automatically populated.
In the Process Action field, select the action created in step 8.
You can now start configuring the integration in Appfarm Create. First, add the credentials gathered in step 3 as .
In , go to Secrets.
Create a . You can also choose to use an existing service.
Add a . The web request will request a new access token and store it in the service variable.
Enter the following code where tenantId must match the name of the function param you just added: return ``
Key: scope, Value: See the . For Microsoft Graph integration, you might set https://graph.microsoft.com/.default.
Add an .
Configure the condition to check if the service variable created in has a value.
Add an inside the If action node you just added.
For the Secret property, select the access token secret created in .
For the Value property, select the service variable created in .
Configure the.
You can now trigger this endpoint to refresh the access token. We recommend to call the endpoint and refresh the token automatically at a given interval.
The secret can then be used as the bearer token value for authentication when you make API calls using the .
