Creating a Service Principle in Azure requires a Client Secret. The Secret serves as the password for the principle. For example, you will need a Client Secret in order to generate a JSON Web Token.
A Client Secret is associated with an Application Registration. To get started, you will need to register your application in Active Directory, as described in this article.
Log into the Azure Portal and search for Azure Active Directory, shown in Fig. 1.
Select "Azure Active Directory" to navigate to the Azure Active Directory "Overview" blade, as shown in Fig. 2.
Click the [App registrations] button (Fig. 3) to open the "App Registrations" blade, as shown in Fig. 4.
Select your App registration to open its details page, as shown in Fig. 5.
Click the [Certificates & secrets] button (Fig. 6) to display the "Certificates & secrets" blade, as shown in Fig. 7.
Select the "Client secrets" tab, if it is not yet selected.
Click the [New client secret] button (Fig. 8) to display the "Add client secret" dialogue, as shown in Fig. 9.
Provide a brief description of the secret. This will show up in lists, making it easier to identify later.
Select a time at which the secret will expire and need to be regenerated.
Click the [Add] button to generate the Client Secret and return to the "Certificates & Secrets" value. You should see your newly-generated secret listed on this blade. Copy and save the "Value". You will need it later.
After you navigate away from this page, there is no way to retrieve the Secret Value. If you do not copy and save it now, you will need to regenerate a Secret.
Keep this secret in a safe place - in Azure Key Vault or in a secure folder. If it is compromised, a hacker can access your API with this service identity.
This article showed how to generate a Client Secret. This Client Secret serves as a password for a principle account. You can use it when generating a JSON Web Token.