Forum Discussion
ZAP Scan Automation using Azure DevOps
Hey Team, I have implemented ZAP Scan for one of the microservices. I need to get the access token from the Azure AD B2C using client assertion for the microservice. I have registered my applicat...
Try Clietn Credential Flow + Client Assertion:
1. Register a certificate with your Azure AD B2C application
2. Generate a signed JWT as the client assertion
3. Request a token using this assertion
MSAL doesn’t natively generate client assertion JWTs, but you can use System.IdentityModel.Tokens.Jwt:
# Load your certificate
$cert = Get-PfxCertificate -FilePath "path-to-cert.pfx"
# Generate JWT client assertion manually
# Then use Invoke-RestMethod to call the token endpoint:
$body = @{
client_id = "<your-client-id>"
scope = "https://<tenant>.onmicrosoft.com/<api>/read"
grant_type = "client_credentials"
client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
client_assertion = "<your-JWT>"
}
$response = Invoke-RestMethod -Uri "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>/oauth2/v2.0/token" -Method POST -Body $body