Add Service Principal Details to Device Flow Auth

[slynickel]

One of the less trivial parts of getting the code to work in the Use Device Flow Authentication section is what to use for application ID. You can't just generate a service principal with the default settings and use that. There are three things I think that the service principal needs that I struggled for hours to determine.

1. The service principal needs delegated API permissions to the resource end point you are trying to use.
2. The service principal needs to have the Access token checkbox checked in the advanced settings >> implicit grant section (that's the path in the App registrations (Preview) blade, unclear how to do it in the app registrations current view).
3. The service principal needs Default client type set to yes (under advanced settings as well).

If any of these requirements aren't met you get an unhelpful message that some unknown error occurred.

The reason I say I think these are the requirements is because it was trial and error to get here.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 8b1e7e7d-3e45-61c7-664c-b29116fe3f14
• Version Independent ID: 186aaf08-938a-c05b-68db-0f0efe5dd60f
• Content: Authentication with the Azure SDK for Go
• Content Source: azure-go-sdk-conceptual/azure-sdk-go-authorization.md
• Sub-service: authentication
• Technology: azure-sdk-go
• GitHub Login: @sptramer
• Microsoft Alias: sttramer

[sptramer]

@slynickel Thanks for the feedback - I'll make sure that these improvements to the document go on the backlog and I take a closer look into what the service principal/application authentication requirements are. They may have changed since the article was originally written.