Quick Start link

Generate your first Entra ID access token in just a few minutes!

Step 1: Install the Tool link

  dotnet tool install -g EntraAuthCli
  

See all installation options →

Step 2: Create Your First Profile link

Run the interactive profile creation:

  entra-auth-cli config create
  

You’ll be prompted for:

• Profile name: myprofile (or any name you choose)
• Tenant ID: Your Azure tenant ID (e.g., contoso.onmicrosoft.com or GUID)
• Client ID: Your app registration client ID
• Scopes: https://graph.microsoft.com/.default (default for Microsoft Graph)
• Auth method: Choose ClientSecret for this quick start
• Client secret: Your app’s client secret (securely stored)

Example:

  Profile name: myprofile
Tenant ID: contoso.onmicrosoft.com
Client ID: 12345678-1234-1234-1234-123456789abc
Scopes (comma-separated): https://graph.microsoft.com/.default
Authentication method: ClientSecret
Client secret: ****
  

💡 Tip: Don’t have an app registration? See the Complete Tutorial for step-by-step setup.

Step 3: Generate a Token link

  entra-auth-cli get-token -p myprofile
  

The tool will:

1. Authenticate using your profile credentials
2. Request a token from Entra ID
3. Display the token details
4. Copy the token to your clipboard (if available)

Expected output:

  ✓ Token retrieved successfully
  Expires: 2025-12-26 15:30:00 UTC (59 minutes)
  Scopes: https://graph.microsoft.com/.default
  Token copied to clipboard!
  

Step 4: Use Your Token link

The token is now in your clipboard. Use it to call APIs:

  # Example: Get current user info from Microsoft Graph
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  https://graph.microsoft.com/v1.0/me
  

Or read from the token file in headless environments:

  TOKEN=$(cat ~/.config/entra-auth-cli/last-token.txt)
curl -H "Authorization: Bearer $TOKEN" \
  https://graph.microsoft.com/v1.0/me
  

Step 5: Inspect the Token (Optional) link

Want to see what’s inside your token?

  entra-auth-cli inspect $(cat ~/.config/entra-auth-cli/last-token.txt)
  

This decodes the JWT and displays claims like:

• Audience (aud)
• Issuer (iss)
• Subject (sub)
• Expiration (exp)
• Scopes (scp/roles)

What’s Next? link

Learn the basics:

• Authentication Profiles - Understand profiles
• OAuth2 Flows - Learn about different flows
• Scopes - Manage API permissions

Explore features:

• Managing Profiles - Create, edit, export profiles
• Certificate Authentication - Use certificates instead of secrets
• Scope Overrides - Get tokens for different APIs

Try recipes:

• Service Principal Authentication
• Calling Microsoft Graph
• Custom APIs

Troubleshooting link

Token generation fails?

• Verify your client ID and secret are correct
• Check app registration permissions in Azure
• Ensure tenant ID is correct

Token not copied to clipboard?

• In headless environments, use the file output
• Use --no-clipboard flag to suppress clipboard operations

See full troubleshooting guide →