{"id":863,"date":"2023-08-24T23:29:14","date_gmt":"2023-08-24T15:29:14","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=863"},"modified":"2023-08-31T01:48:34","modified_gmt":"2023-08-30T17:48:34","slug":"utilizing-powershell-for-testing-the-client-credential-flow-with-certificate","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/","title":{"rendered":"Utilizing PowerShell for Testing the Client Credential Flow with Certificate"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Overview<\/h3>\n\n\n\n<p>In the world of secure authentication, understanding the Client Credential flow supported by certificates is extremely important. However, grasping the details of this authentication method can be quite challenging. This is mainly because of the complex interaction between different parts that need careful setup to make sure everything works smoothly. This article explores the details of the Client Credential flow, explaining how it works, and also aims to help you get better at solving problems that might come up due to its complexities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
<strong>Creating the Certificate<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1.1 Generating a new self-signed certificate using PowerShell<\/h4>\n\n\n\n<p>To do this, execute the following command:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">New-SelfSignedCertificate -Subject \"CN=ClientCredentialKey\" -KeyExportPolicy Exportable -KeySpec Signature -KeyUsage DigitalSignature -Type Custom -FriendlyName \"ClientCredentialFlowCert\" -CertStoreLocation \"Cert:\\CurrentUser\\My\"<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"983\" height=\"174\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png\" alt=\"\" class=\"wp-image-866\"\/><\/figure>\n\n\n\n<p class=\"has-pale-cyan-blue-background-color has-background has-small-font-size\">This command will create a self-signed certificate named &#8220;ClientCredentialFlowCert&#8221; along with its private key.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1.2 Export the public key of the self-signed certificate<\/h4>\n\n\n\n<p>Press <strong>Win + R<\/strong> to open the Run dialog.<\/p>\n\n\n\n<p>Type <strong>certmgr.msc<\/strong> and press Enter. 
This will open the<strong> &#8220;Current User&#8221;<\/strong> certificate store.<\/p>\n\n\n\n<p>Expand the Personal Store and locate the certificate created in the previous step.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-38.png\" alt=\"\" class=\"wp-image-867\" width=\"378\" height=\"393\"\/><\/figure>\n\n\n\n<p>Right-click on the certificate, navigate to &#8220;<strong>All Tasks<\/strong>,&#8221; and choose &#8220;<strong>Export<\/strong>.&#8221;<\/p>\n\n\n\n<p>Follow the prompts, selecting &#8220;<strong>No, do not export the private key<\/strong>,&#8221; and save the exported public key.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-39.png\" alt=\"\" class=\"wp-image-868\" width=\"304\" height=\"299\"\/><\/figure>\n\n\n\n<p>Proceed to the Azure portal and find the app registration representing the client. <\/p>\n\n\n\n<p>In the Azure portal, navigate to the &#8220;<strong>Certificates &amp; secrets<\/strong>&#8221; menu of the app registration. Go to the Certificates tab and upload the previously exported public key of the certificate.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-40.png\" alt=\"\" class=\"wp-image-869\" width=\"732\" height=\"322\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">2. 
Testing Client Credential Flow with Certificate-based Authentication<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">2.1 Utilizing the PowerShell Script<\/h4>\n\n\n\n<p class=\"has-luminous-vivid-amber-background-color has-background has-small-font-size\">The following PowerShell script uses the certificate generated in the &#8220;Creating the Certificate&#8221; step to authenticate to AAD. The script builds and signs the required client_assertion itself and sends the token request to AAD through the Client Credential flow.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Replace with your own tenant name\n$TenantName = \"rayaki.onmicrosoft.com\"\n\n# Enter the Client\/App ID of your app  \n$AppId = \"481d41e0-e265-4ae4-aaac-000000000000\"  \n\n# Replace the placeholder with the thumbprint of your self-signed cert\n$Certificate = Get-Item Cert:\\CurrentUser\\My\\&lt;thumbprint of your cert>\n\n# Example: \"https:\/\/graph.microsoft.com\/.default\" \n$Scope = \"https:\/\/graph.microsoft.com\/.default\"  \n  \n# Create base64 hash of certificate  \n$CertificateBase64Hash = [System.Convert]::ToBase64String($Certificate.GetCertHash())  \n  \n# Create JWT timestamp for expiration  \n$StartDate = (Get-Date \"1970-01-01T00:00:00Z\" ).ToUniversalTime()  \n$JWTExpirationTimeSpan = (New-TimeSpan -Start $StartDate -End (Get-Date).ToUniversalTime().AddMinutes(2)).TotalSeconds  \n$JWTExpiration = [math]::Round($JWTExpirationTimeSpan,0)  \n  \n# Create JWT validity start timestamp  \n$NotBeforeExpirationTimeSpan = (New-TimeSpan -Start $StartDate -End ((Get-Date).ToUniversalTime())).TotalSeconds  \n$NotBefore = [math]::Round($NotBeforeExpirationTimeSpan,0)  \n  \n# Create JWT header  \n$JWTHeader = @{  \n    alg = \"RS256\"  \n    typ = \"JWT\"  \n    # Use the 
CertificateBase64Hash and replace\/strip to match web encoding of base64  \n    x5t = $CertificateBase64Hash -replace '\\+','-' -replace '\/','_' -replace '='  \n}  \n  \n# Create JWT payload  \n$JWTPayLoad = @{  \n    # What endpoint is allowed to use this JWT  \n    aud = \"https:\/\/login.microsoftonline.com\/$TenantName\/oauth2\/token\"  \n  \n    # Expiration timestamp  \n    exp = $JWTExpiration  \n  \n    # Issuer = your application  \n    iss = $AppId  \n  \n    # JWT ID: random guid  \n    jti = [guid]::NewGuid()  \n  \n    # Not to be used before  \n    nbf = $NotBefore  \n  \n    # JWT Subject  \n    sub = $AppId  \n}  \n  \n# Convert header and payload to base64url (URL-safe alphabet, no padding), as JWT requires  \n$JWTHeaderToByte = [System.Text.Encoding]::UTF8.GetBytes(($JWTHeader | ConvertTo-Json))  \n$EncodedHeader = [System.Convert]::ToBase64String($JWTHeaderToByte) -replace '\\+','-' -replace '\/','_' -replace '='  \n  \n$JWTPayLoadToByte =  [System.Text.Encoding]::UTF8.GetBytes(($JWTPayload | ConvertTo-Json))  \n$EncodedPayload = [System.Convert]::ToBase64String($JWTPayLoadToByte) -replace '\\+','-' -replace '\/','_' -replace '='  \n  \n# Join header and Payload with \".\" to create a valid (unsigned) JWT  \n$JWT = $EncodedHeader + \".\" + $EncodedPayload  \n  \n# Get the private key object of your certificate  \n$PrivateKey = ([System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate))  \n  \n# Define RSA signature and hashing algorithm  \n$RSAPadding = [Security.Cryptography.RSASignaturePadding]::Pkcs1  \n$HashAlgorithm = [Security.Cryptography.HashAlgorithmName]::SHA256  \n  \n  \n# Create a signature of the JWT  \n$Signature = [Convert]::ToBase64String(  \n    $PrivateKey.SignData([System.Text.Encoding]::UTF8.GetBytes($JWT),$HashAlgorithm,$RSAPadding)  \n) -replace '\\+','-' -replace '\/','_' -replace '='  \n  \n# Join the signature to the JWT with \".\"  \n$JWT = $JWT + \".\" + $Signature  \n  \n# Create a hash with body parameters  \n$Body = @{  \n    client_id = $AppId  \n    client_assertion = $JWT  \n    client_assertion_type = 
\"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\"  \n    scope = $Scope  \n    grant_type = \"client_credentials\"  \n  \n}  \n  \n$Url = \"https:\/\/login.microsoftonline.com\/$TenantName\/oauth2\/v2.0\/token\"  \n  \n# Use the self-generated JWT as Authorization  \n$Header = @{  \n    Authorization = \"Bearer $JWT\"  \n}  \n  \n# Splat the parameters for Invoke-Restmethod for cleaner code  \n$PostSplat = @{  \n    ContentType = 'application\/x-www-form-urlencoded'  \n    Method = 'POST'  \n    Body = $Body  \n    Uri = $Url  \n    Headers = $Header  \n}  \n  \n$Request = Invoke-RestMethod @PostSplat  \n\n# View access_token  \n$Request.access_token\n<\/pre>\n\n\n\n<p>Once the script is executed successfully, you will observe the retrieval of an<strong> access token<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"981\" height=\"194\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-41.png\" alt=\"\" class=\"wp-image-872\"\/><\/figure>\n\n\n\n<p class=\"has-luminous-vivid-amber-background-color has-background has-small-font-size\">Please take note that the Access token mentioned above corresponds to the final result, contains the process that sending the client assertion to the token endpoint. It&#8217;s important to understand that this script does not directly display the client assertion itself. For a clearer view of the client assertion within the HTTP trace, kindly refer to the subsequent section.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-58.png\" alt=\"\" class=\"wp-image-924\" width=\"520\" height=\"318\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">3. 
Deep Dive<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">3.1 Understanding the Script&#8217;s Actions<\/h4>\n\n\n\n<p>We can perform a Fiddler capture to observe the process. Within the capture, there&#8217;s a frame where the <strong>client_assertion<\/strong> is sent to the OAuth token endpoint in order to obtain the access token.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1103\" height=\"668\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-44.png\" alt=\"\" class=\"wp-image-883\"\/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">3.2 Decode the <strong>client_assertion<\/strong><\/h4>\n\n\n\n<p>We can also trace the events in reverse. The <code>x5t<\/code> header represents the X.509 certificate thumbprint. In the example below, this thumbprint is encoded as a Base64 string.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-45.png\" alt=\"\" class=\"wp-image-884\" width=\"744\" height=\"464\"\/><\/figure>\n\n\n\n<p>As demonstrated below, this value can be converted into its hexadecimal representation, which corresponds to the value displayed on the certificate.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1763\" height=\"414\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-46.png\" alt=\"\" class=\"wp-image-885\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-47.png\" alt=\"\" class=\"wp-image-886\" width=\"273\" height=\"350\"\/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">3.3 How we obtained the client_assertion ($JWT in the PowerShell script) parameter<\/h4>\n\n\n\n<p class=\"has-luminous-vivid-amber-background-color 
has-background has-small-font-size\"><strong>Client_assertion<\/strong> is created using the System.IdentityModel.Tokens.Jwt library, which takes the client ID and the certificate as input, and creates a JWT security token. The JwtSecurityTokenHandler is then used to write the token to a string, which is then assigned to the <strong>client_assertion<\/strong> parameter. The JWT string is encoded with the certificate and includes a signature that the token endpoint can use to authenticate the client.<\/p>\n\n\n\n<p>First, we observe the construction of the JWT parameter from EncodedHeader and EncodedPayload.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Join header and Payload with \".\" to create a valid (unsigned) JWT  \n$JWT = $EncodedHeader + \".\" + $EncodedPayload  <\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-48.png\" alt=\"\" class=\"wp-image-890\" width=\"756\" height=\"343\"\/><\/figure>\n\n\n\n<p>Finally, the signature is appended to produce the complete <strong>Client_assertion<\/strong> JWT.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Join the signature to the JWT with \".\"  \n$JWT = $JWT + \".\" + $Signature  <\/pre>\n\n\n\n<p>The signature value is produced with the private key of the certificate.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" 
data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Get the private key object of your certificate  \n$PrivateKey = ([System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate))<\/pre>\n\n\n\n<p>Recall the initial step, in which the certificate holding this private key was retrieved from the personal store.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Replace the placeholder with the thumbprint of your self-signed cert\n$Certificate = Get-Item Cert:\\CurrentUser\\My\\&lt;thumbprint of your cert><\/pre>\n\n\n\n<p>Once we have the fully assembled Client_assertion JWT, we proceed to send it to the OAuth token endpoint in order to obtain the access token.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.4 Use Postman to replay the token request with Client_assertion<\/h4>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-50.png\" alt=\"\" class=\"wp-image-897\" width=\"827\" height=\"415\"\/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview In the world of secure authentication, understanding the Client Credential flow supported by certificates is extremely important. However, grasping the details of this authentication method can be quite challenging. This is mainly because of the complex interaction between different parts that need careful setup to make sure everything works smoothly. 
This article explores the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[31,35],"tags":[45],"class_list":["post-863","post","type-post","status-publish","format-standard","hentry","category-azuretopics","category-saas","tag-saas"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Utilizing PowerShell for Testing the Client Credential Flow with Certificate - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Utilizing PowerShell for Testing the Client Credential Flow with Certificate - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"Overview In the world of secure authentication, understanding the Client Credential flow supported by certificates is extremely important. However, grasping the details of this authentication method can be quite challenging. This is mainly because of the complex interaction between different parts that need careful setup to make sure everything works smoothly. 
This article explores the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-24T15:29:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-30T17:48:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"Utilizing PowerShell for Testing the Client Credential Flow with 
Certificate\",\"datePublished\":\"2023-08-24T15:29:14+00:00\",\"dateModified\":\"2023-08-30T17:48:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\"},\"wordCount\":626,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png\",\"keywords\":[\"SAAS\"],\"articleSection\":[\"Azure Topics\",\"SaaS\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\",\"name\":\"Utilizing PowerShell for Testing the Client Credential Flow with Certificate - 
\u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png\",\"datePublished\":\"2023-08-24T15:29:14+00:00\",\"dateModified\":\"2023-08-30T17:48:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png\",\"width\":983,\"height\":174},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Utilizing PowerShell for Testing the Client Credential Flow with Certificate\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting 
Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Utilizing PowerShell for Testing the Client Credential Flow with Certificate - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/","og_locale":"en_US","og_type":"article","og_title":"Utilizing PowerShell for Testing the Client Credential Flow with Certificate - \u6781\u7b80IT\uff5cSimpleIT","og_description":"Overview In the world of secure authentication, understanding the Client Credential flow supported by certificates is extremely important. However, grasping the details of this authentication method can be quite challenging. This is mainly because of the complex interaction between different parts that need careful setup to make sure everything works smoothly. This article explores the [&hellip;]","og_url":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2023-08-24T15:29:14+00:00","article_modified_time":"2023-08-30T17:48:34+00:00","og_image":[{"url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png","type":"","width":"","height":""}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"Utilizing PowerShell for Testing the Client Credential Flow with Certificate","datePublished":"2023-08-24T15:29:14+00:00","dateModified":"2023-08-30T17:48:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/"},"wordCount":626,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png","keywords":["SAAS"],"articleSection":["Azure Topics","SaaS"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/","url":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/","name":"Utilizing PowerShell for Testing the Client Credential Flow with Certificate - 
\u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png","datePublished":"2023-08-24T15:29:14+00:00","dateModified":"2023-08-30T17:48:34+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#primaryimage","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/08\/image-37.png","width":983,"height":174},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/utilizing-powershell-for-testing-the-client-credential-flow-with-certificate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Utilizing PowerShell for Testing the Client Credential Flow with Certificate"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the 
World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. 
This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=863"}],"version-history":[{"count":13,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/863\/revisions"}],"predecessor-version":[{"id":925,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/863\/revisions\/925"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}