Creating OAuth2.0 JWT Certificate Credentials

Following are the steps for creating JWT certificate credentials for OAuth2.0 authentication:

Steps for registering an application and assigning API permissions

  1. Create an application in Azure and register it. For more information, refer to Register a new application in the Microsoft documentation.

  2. Get an Application ID (Client ID) after the app registration, and then generate a Client Secret for it.

  3. Assign API permissions to the Application ID (Client ID). For more information, refer to API permissions in the Microsoft documentation.

If you have already completed the above steps, you can skip them and proceed directly to the Steps for creating and using the certificate.

Steps for creating and using the certificate

  1. Run PowerShell as an administrator on any Windows machine, and then generate a self-signed certificate with the following command:

    New-SelfSignedCertificate -DnsName "SPOnline" -CertStoreLocation "cert:\LocalMachine\My"

  2. Go to certlm.msc > Personal > Certificates > Export. The export wizard opens and steps you through exporting the certificate in PFX format.

  3. Select Include all certificates in the certification path if possible and Enable certificate privacy.

  4. Provide a password to protect the private key using AES-256-SHA256 encryption. This password will be required when you sign your applications using the PFX file you are generating.

  5. Save the PFX file in any directory of your choice. Download OpenSSL or use Git Bash.

    Copy the PFX file into the same directory where the command prompt or terminal is opened as an administrator, and run the following commands one by one, pressing Enter after each:

    1. openssl pkcs12 -in test1.pfx -nocerts -out sp.key (you are prompted for the PFX password, and then for a new pass-phrase that protects sp.key)

    2. openssl pkcs12 -in test1.pfx -clcerts -nokeys -out sp.crt

    3. openssl rsa -in sp.key -out rsasp.key

  6. Upload the sp.crt file to the registered application in Azure.

  7. In the Connection Settings section of the ISC user interface, enter the details for the SharePoint Online application: paste the contents of rsasp.key and sp.crt as text into the Private Key settings. For more information, refer to Configuring Authentication Settings.

    The Private Key Password is the pass-phrase you provided when generating the sp.key.
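The following script is an added example for checking the result of steps 5 and 6, not part of the original procedure. It builds a throwaway PFX in place of the Windows export, runs the same three openssl commands non-interactively, and then confirms that rsasp.key belongs to sp.crt, that the pass-phrase was removed, and prints the thumbprint you can compare against the one Azure lists after the upload. File names follow the page; the passwords and the temporary directory are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original procedure. Mirrors steps 5.1-5.3 and
# then checks the output. File names follow the page; passwords are constructed.
set -eu

# Stand-in for the Windows export: a self-signed "SPOnline" certificate packed
# into test1.pfx with the chosen export password (constructed test data).
make_test_pfx() {
  dir=$1; pfxpass=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=SPOnline" \
    -keyout "$dir/tmp.key" -out "$dir/tmp.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$dir/tmp.key" -in "$dir/tmp.crt" \
    -out "$dir/test1.pfx" -passout "pass:$pfxpass"
}

# The page's three openssl commands, run non-interactively: pfxpass is the PFX
# export password, keypass the PEM pass-phrase that step 5.1 asks you to set.
extract_pfx() {
  dir=$1; pfxpass=$2; keypass=$3
  openssl pkcs12 -in "$dir/test1.pfx" -nocerts -out "$dir/sp.key" \
    -passin "pass:$pfxpass" -passout "pass:$keypass"
  openssl pkcs12 -in "$dir/test1.pfx" -clcerts -nokeys -out "$dir/sp.crt" \
    -passin "pass:$pfxpass"
  openssl rsa -in "$dir/sp.key" -passin "pass:$keypass" -out "$dir/rsasp.key"
  chmod 600 "$dir/sp.key" "$dir/rsasp.key"   # rsasp.key is now on disk in clear
}

# Returns 0 when rsasp.key is the private key behind sp.crt (same RSA modulus),
# i.e. the key you paste into ISC really belongs to the certificate you upload.
key_matches_cert() {
  k=$(openssl rsa -noout -modulus -in "$1/rsasp.key")
  c=$(openssl x509 -noout -modulus -in "$1/sp.crt")
  [ "$k" = "$c" ]
}

# Returns 0 when step 5.3 removed the pass-phrase, i.e. rsasp.key is unencrypted.
key_is_unencrypted() {
  ! grep -q "ENCRYPTED" "$1/rsasp.key"
}

# SHA-1 thumbprint as plain hex: compare with the thumbprint Azure lists after upload.
cert_thumbprint() {
  openssl x509 -noout -fingerprint -sha1 -in "$1/sp.crt" | cut -d= -f2 | tr -d ':'
}
```

Run the functions against the directory holding test1.pfx; a modulus mismatch means the key and certificate came from different exports and the connector will not be able to sign its assertion.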