client credentials
About this tag
The client credentials tag covers discussions about OAuth 2.0 client credentials grant flows, specifically the security risks of leaked ClientId/ClientSecret pairs in Azure Active Directory (now Entra ID) and Microsoft Graph integrations. Threads focus on exposed appsettings.json files in ASP.NET Core applications that can allow attackers to exchange leaked credentials for OAuth tokens, enabling unauthorized API access. Recurring themes include preventing credential leaks through secure secret management, least-privilege controls, and proper configuration of Azure AD application registrations. The tag is relevant for developers and IT administrators working with Microsoft identity platforms and cloud security.
A publicly exposed appsettings.json containing Azure Active Directory (Entra ID) application credentials has opened a direct, programmatic path into affected tenants — a single misconfigured JSON file acting as a master key for cloud estates and enabling attackers to exchange leaked...
A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...