OAuth Certificate based Authentication
Certificate based authentication is supported for the OAuth 2.0 client credentials flow. Certificates can be stored and managed in the Credentials node of the Therefore™ Solution Designer. The credential store supports selecting a certificate for OAuth / REST Authentication.
Configuring the Certificate
- Create a self-signed certificate to be used. This can be done using the PnP PowerShell module.
  - First, run the following command:
      Install-Module PnP.PowerShell -Scope CurrentUser
  - Then:
      $cert = New-PnPAzureCertificate -CommonName "TestCert" -OutPfx .\my-certificate.pfx -OutCert .\my-certificate.cer -ValidYears 2 -CertificatePassword (Read-Host -AsSecureString -Prompt "The#1234")
    The text passed to -Prompt is only what Read-Host displays. The certificate password is whatever is typed at that prompt, and it is required again when the .pfx file is added to Therefore™.
Note: For further documentation on this step, follow the links below:
https://learn.microsoft.com/de-de/sharepoint/dev/sp-add-ins-modernize/from-acs-to-aad-apps
https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-self-signed-certificate
- Create the App in Microsoft Entra ID.
  - Click the 'Add' button in the top left of the screen and select 'App registration'.
  - Enter the name and other details required to create the application.
  - Navigate to the Authentication tab of the app and, under 'Mobile Devices and Desktop Application', tick the option: 'http://login.microsoftonline.com/common/oauth2/nativeclient'.
  - Open the API Permissions tab and add read and write permissions to the application.
  - In the Certificates and Secrets tab, upload the public certificate file (ending in .cer) generated in the first part of the tutorial. No client secret will be required.
- Add the credential to Therefore™.
  - In the Therefore™ Solution Designer, right-click the Credentials node and select 'New Web Credential'. The .pfx file and certificate password will be required here.
  - Click the 'Authenticate' button when complete. If configured correctly, the credential will authenticate successfully.
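A check that can be run on the two files from the first step before the .cer is uploaded to Entra ID and the .pfx is imported into Therefore™. This is an added example, not part of the original page and not Therefore™ or PnP code. It confirms that the .cer file carries no private key, that both files hold the same certificate, and how long the certificate remains valid. The function name Test-OAuthCertificatePair and the 2048-bit minimum are assumptions made for illustration.

```powershell
# Added example: sanity-check the .pfx/.cer pair written by New-PnPAzureCertificate.
# File names match the command on this page; the 2048-bit minimum is an assumption.
function Test-OAuthCertificatePair {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [string] $CerPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [int] $MinKeyBits = 2048
    )
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $ext  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

    # Resolve to absolute paths: .NET does not follow PowerShell's current location.
    $pfx = $x509::new((Resolve-Path -LiteralPath $PfxPath).ProviderPath, $PfxPassword)
    $cer = $x509::new((Resolve-Path -LiteralPath $CerPath).ProviderPath)
    try {
        $rsa     = $ext::GetRSAPublicKey($cer)   # $null when the key is not RSA
        $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }
        $now     = Get-Date

        [pscustomobject]@{
            Subject          = $cer.Subject
            Thumbprint       = $cer.Thumbprint
            # Both files must describe the same certificate.
            ThumbprintsMatch = ($pfx.Thumbprint -eq $cer.Thumbprint)
            # The .pfx is the file that holds the private key ...
            PfxHasPrivateKey = $pfx.HasPrivateKey
            # ... and the .cer uploaded to Entra ID must not contain one.
            CerHasPrivateKey = $cer.HasPrivateKey
            KeyBits          = $keyBits
            KeyBitsOk        = ($keyBits -ge $MinKeyBits)
            NotAfter         = $cer.NotAfter
            DaysRemaining    = [int]($cer.NotAfter - $now).TotalDays
            CurrentlyValid   = (($now -ge $cer.NotBefore) -and ($now -lt $cer.NotAfter))
        }
    }
    finally {
        # Release the loaded key material once the report object is built.
        $pfx.Dispose(); $cer.Dispose()
    }
}

# Usage: the password is typed at the prompt, never stored in the script.
$pw = Read-Host -AsSecureString -Prompt "Certificate password"
Test-OAuthCertificatePair -PfxPath .\my-certificate.pfx -CerPath .\my-certificate.cer -PfxPassword $pw
```

The Thumbprint value in the output can be compared with the thumbprint Entra ID lists for the certificate after upload. DaysRemaining indicates when the certificate has to be replaced in both Entra ID and the Therefore™ credential.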