Following the OAuth 2.0 standard, ModelOp Center requires the following Azure AD configurations when used with OAuth2for a successful integration:
Apps
...
gateway-service
...
internal-client
...
external-integration-client
...
go-cli
Scopes
...
custom_scope
App
...
role
modelop_client
Access
...
token version: 2
Normally, access tokens issued by Azure AD are issued for Microsoft Graph. However, ModelOp Center needs access tokens issued for the aforementioned applications. To accomplish that, each application needs a manually created scope (Expose an API tab; Add a scope), custom_scope
for example, to indicate the access tokens issued for the given application are intended for the application and not Microsoft Graph. Additionally, the custom_scope
has to be added as a permission (API permissions tab; Add a permission) on the application and admin consent must be granted (API permissions tab; Grant admin consent for), so that the application can actually use the permission.
For more details per application, please reference the following table:
Proposed | Platform | Application (Client | ) ID RequiredSecret | Grant Type | Scope | App Roles | Token Claim | Redirect URIs | |
---|---|---|---|---|---|---|---|---|---|
|
| ✔ ✔ | Authorization Code |
|
|
| |||
| ✔ ✔ | Client Credentials |
|
| |||||
|
| Implicit |
|
|
| ||||
| ✔ | ✔ | Password |
|
|
NOTE: Once the internal-client
app has been created, please open the Overview tab for the app and click on:
"Add an Application ID URI"
“Set”
“Save” the suggested Application ID URI.
In addition to the configurations at Azure AD, ModelOp Center will need to be configured with the following values for:
Issuer URI
Authorization URI
Token URI
JWKS URI
Client ID for each application
Client Secret for each application