
Verify Client ID and Client Secret before using it in Application

We have a use case in which an Admin can set Google or Microsoft app Client IDs and Secrets that are later used for all users who sign up with this Admin's link. Is there a way to verify these fields before saving/using them?

For example, for Microsoft, how do I verify the information the admin is providing? Is there any API call to verify it?



Answer

Update:

I am able to do this for G Suite. What I did was:

1. Create a request to get a token from the client ID and secret (with a wrong code).
2. In the response, Google returns 'invalid_client' if the credentials are wrong and 'invalid_grant' if the credentials are correct (because the code is wrong too).

```python
import json

import requests
from django.conf import settings  # project settings object (assumed Django-style)
from oauthlib.oauth2 import WebApplicationClient
from oauthlib.oauth2.rfc6749.errors import OAuth2Error


def validate_google_credentials(client_id, client_secret):
    try:
        discovery_url = settings.GOOGLE_DISCOVERY_URL
        callback_url = settings.BASE_URL + "/accounts/invite/google/signup/callback/"

        client = WebApplicationClient(client_id)

        identity_provider_config = requests.get(discovery_url).json()
        token_endpoint = identity_provider_config["token_endpoint"]

        # Deliberately bogus authorization code: the client is authenticated
        # before the code is checked, so the error code tells us whether the
        # client id/secret were accepted.
        token_url, headers, body = client.prepare_token_request(
            token_endpoint, redirect_url=callback_url, code="code"
        )

        token_response = requests.post(
            token_url,
            headers=headers,
            data=body,
            auth=(client_id, client_secret),
        ).json()
        # Parsing an error response raises an OAuth2Error; its .error
        # attribute holds the "error" field of the token response.
        client.parse_request_body_response(json.dumps(token_response))

    except OAuth2Error as error:
        if error.error == "invalid_grant":
            return "Your credentials are correct"
        if error.error == "invalid_client":
            return "Your credentials are NOT correct"
```

FOR MICROSOFT: For Microsoft, an additional tenant ID is required in order to do this:

We did this in the following way:

```python
import logging

import msal

logger = logging.getLogger(__name__)


def validate_azure_credentials(client_id, client_secret, tenant_id):
    """
    Validate a Microsoft (Azure AD) client id and secret for the given tenant.
    IdpResponseMessages is the project's own container of result messages.
    """
    try:
        app = msal.ConfidentialClientApplication(
            client_id=client_id,
            client_credential=client_secret,
            authority=f"https://login.microsoftonline.com/{tenant_id}",
        )

        # Request a token for a default scope with the client-credentials
        # flow; getting a token proves the client id and secret are accepted.
        scopes = ["https://vault.azure.net/.default"]
        token = app.acquire_token_for_client(scopes=scopes)

        if token.get("access_token") is None:
            # MSAL reports failures as a dict with "error"/"error_description".
            return IdpResponseMessages.INVALID_CREDENTIALS

        return IdpResponseMessages.VALID_CREDENTIALS

    except Exception as error:
        logger.debug(f"Exception {error}")
        return str(error)
```
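The two checks above, combined into one dependency-free validator as an added example (not code from the answer): Google is probed with a deliberately bogus authorization code and classified by the `error` field of the token response, Microsoft by whether the client-credentials grant returns a token. The transport is a pluggable `post` callable so the classification can be exercised offline; the endpoint URLs and the `redirect_uri` are assumptions for this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Tuple

GOOGLE_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
# Tenant-scoped Microsoft identity platform v2 token endpoint.
MS_TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

# Transport hook: POST form fields, return (http_status, parsed JSON body).
Poster = Callable[[str, dict], Tuple[int, dict]]


def http_post_form(url: str, fields: dict) -> Tuple[int, dict]:
    """Real transport; returns the JSON body even on 4xx so errors can be read."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def verify_google(client_id, client_secret, redirect_uri, post: Poster = http_post_form):
    """Bogus-code probe: the client is authenticated before the code is checked,
    so 'invalid_client' means bad id/secret and 'invalid_grant' means accepted."""
    fields = {"grant_type": "authorization_code", "code": "probe-not-a-real-code",
              "client_id": client_id, "client_secret": client_secret,
              "redirect_uri": redirect_uri}
    status, body = post(GOOGLE_TOKEN_ENDPOINT, fields)
    if status == 200 and "access_token" in body:
        return "unexpected-token"  # a bogus code must never yield a token
    error = body.get("error")
    if error == "invalid_client":
        return "invalid"
    if error == "invalid_grant":
        return "valid"
    return "unknown:" + str(error)  # e.g. invalid_request: surface, don't guess


def verify_microsoft(client_id, client_secret, tenant_id, post: Poster = http_post_form):
    """Client-credentials grant for a .default scope: a token proves id+secret."""
    fields = {"grant_type": "client_credentials", "scope": "https://vault.azure.net/.default",
              "client_id": client_id, "client_secret": client_secret}
    status, body = post(MS_TOKEN_ENDPOINT.format(tenant=tenant_id), fields)
    return "valid" if status == 200 and body.get("access_token") else "invalid"
```

Treat "unknown:..." as a validation failure in the admin UI rather than silently accepting the credentials, and never persist the secret until the check returns "valid".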
User contributions licensed under: CC BY-SA