Microsoft OAuth2. How to setup a client ID for use in desktop software?
Use this information when you need to connect to Microsoft Azure, Microsoft Outlook or Microsoft Exchange using OAuth2 from a desktop application.
Find more information about the Microsoft OAuth2 end-points and scope values.
Microsoft OAuth2 Specifics
The client ID identifies your application with the Microsoft OAuth2 services.
Normally for OAuth2 you’ll need a client secret too. However, Microsoft does not allow the use of a client secret in desktop applications. This is because it’s very difficult to keep any secrets in a desktop application and a 3rd party could use your client id / secret combination to impersonate your application.
Also, you’ll need to use the ‘OAuth2 device code flow’ which means setting up an application for limited-input devices.
Create a client ID
Before you can start to create a client ID you’ll need to have a Microsoft Azure account. If you don’t have a Microsoft Azure account yet you can create it.
The client ID is a part of an application that’s registered in your Microsoft Azure Active Directory so the first part of setting up a client ID is to register a new application.
Setup a client ID for your application using the following steps:
1. Sign in to the azure portal (https://portal.azure.com).
2. Click on the ‘Azure Active Directory’ service to go there.
3. In the left hand menu click on the ‘App registrations’
4. You’ll now see your existing applications or an empty list on the right hand of the screen. On top of that list click on ‘New registration’ to start the registration of your application.
5. Fill out the ‘Register an application’ form.
The name of your application is going to be visible when logging in using OAuth2.
The supported account types depends on how you want to use your application (client ID). If you just want to authorize accounts inside your own Azure environment then the first options is most suitable.
Since this is for a desktop application that will use the ‘Device code flow’ for limited input devices you can leave the redirect URL empty.
6. Click on ‘Register’ and find the client ID.
The client ID will be the top ID listed as ‘Application (client) ID’.
Set to ‘multi-tenant’ and ‘Allow public client flows’
Go to the ‘Authentication’ section under ‘Manage’ to find all authentication options.
1. Select ‘Multi-tenant’
2. Click yes on ‘Allow public client flows’
3. Click on ‘Save’
That’s it. You can now use the client ID in your OAuth2 desktop application.
Use ‘device code flow’ and the ‘common’ tenant option in your devicecode and token end-points.