To what should an application connect to retrieve security tokens?
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud that authenticates users and applications. When an application needs to retrieve security tokens, it should connect to Azure AD. Azure AD issues security tokens such as OAuth2 access tokens, OpenID Connect ID tokens, and SAML tokens to users and applications after they have been authenticated.
It should be D, instead of B. Azure Key Vault keeps security tokens: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis
agreed
IT IS B: The link below states that tokens come from Azure AD: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app?tabs=dotnet
D, token, API key are in Key Vault.
A security token is not a secret. Passwords, private keys, certificates, etc., are secrets. Tokens are generated when a request is made, they change with almost each request, and they are valid for a short duration only. So there is no point in protecting the token by storing it in the vault to use it when needed; it is not a static value.
The answer B is correct, because it asks what "an application should connect to". An Application cannot connect to a Key Vault.
Actually, the Key Vault can be accessed by an Application to retrieve secure information. So I'm not sure if AD is the only right answer here...
But in the context of the answer, I believe AD is more appropriate as per https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios#security-tokens
Totally agree with you richardsonbq :)
https://docs.microsoft.com/bs-latn-ba/azure/active-directory-b2c/active-directory-b2c-apps AD is correct
Finally! :) Absolutely agree
Hmm, if your app is hosted in App Service, how does it replace the values in appSettings if it cannot connect to the Key Vault?
An application should connect to the Azure Active Directory (Azure AD) authentication endpoint to retrieve security tokens. Azure AD provides different authentication endpoints for different scenarios, but the most common endpoint used to retrieve security tokens is the OAuth 2.0 authorization endpoint. The endpoint URL is typically formatted as follows:

```
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
```

Where `{tenant}` is the name or ID of the Azure AD tenant that the application is registered in. To retrieve an access token from the OAuth 2.0 authorization endpoint, the application must first obtain an authorization code from the Azure AD authorization endpoint. The authorization code is obtained by redirecting the user to a sign-in page, where the user signs in with their Azure AD credentials and consents to the application's requested permissions.
The question is right, it says applications' security tokens, not users', and of course applications connect to Key Vault to be able to replace values of appSettings properties.
When an application needs to authenticate itself or a user to access another service, it typically requests a security token from Azure AD, which validates the credentials and returns a token that the application can use to access the desired service.
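An added example, not part of any post in this thread: it builds the OAuth 2.0 client credentials request an application would POST to the token endpoint format quoted above, then decodes a constructed token to show its audience and expiry. The tenant, client ID, secret, scope and sample token are placeholders constructed for illustration, and the token's signature is not verified.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Token endpoint format quoted in the thread.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant, client_id, client_secret, scope):
    """Return (url, form_body) for an OAuth 2.0 client credentials request."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # long-lived credential, unlike the token
        "scope": scope,
    })
    return TOKEN_URL.format(tenant=tenant), body


def decode_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_remaining(claims, now=None):
    """Seconds until the token expires (negative once it has expired)."""
    now = time.time() if now is None else now
    return int(claims["exp"] - now)


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token: placeholder claims and a dummy signature.
ISSUED_AT = 1_700_000_000
SAMPLE_JWT = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"aud": "https://vault.azure.net", "iat": ISSUED_AT, "exp": ISSUED_AT + 3600}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(build_token_request("tenant-placeholder", "app-id-placeholder",
                              "secret-placeholder", "https://vault.azure.net/.default"))
    print(seconds_remaining(decode_claims(SAMPLE_JWT), now=ISSUED_AT + 600))
```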
D is the correct answer.
imho it is B, https://learn.microsoft.com/en-us/azure/key-vault/general/authentication - check the diagram
It's D. Storing Application Secrets: API Keys and Tokens: Securely store API keys, tokens, and other sensitive configuration data that applications need to access. Database Connection Strings: Store connection strings securely and retrieve them as needed for application configuration.
Answer D. In the context of Azure and authentication, an application typically connects to Azure Active Directory (Azure AD) to retrieve security tokens. Azure AD is Microsoft's cloud-based identity and access management service that helps your users sign in and access resources.
Sorry B - Azure Active Directory (Azure AD)
Azure AD authenticates users and provides access tokens. Key Vault stores it.
Key vault stores tokens, AAD is used to retrieve them
To retrieve security tokens, applications should connect to key vault and users should connect to AAD
I agree with B. When an application needs to retrieve security tokens, it should connect to Azure AD. Azure AD issues security tokens, such as OAuth2 access tokens, OpenID Connect ID tokens, and SAML tokens, to users and applications after they have been authenticated.
B is the correct answer: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios
I'm voting for B. I am interpreting 'Receiving security tokens' as a set of claims when you connect to... Azure AD.
Addendum to myself: See https://learn.microsoft.com/en-us/azure/active-directory/develop/security-tokens It's definitely Azure AD.
Azure Key Vault stores keys. Azure AD gives access tokens.
D is the correct answer ...