I am generating an Excel file to which I have to add a sensitivity label, and for that, I am using Microsoft Information Protection SDK version 1.15.86.

In the MIP SDK setup, we have to implement the IAuthDelegate to acquire a token. For this, I am following the code example found in the given link below:

IAuthDelegate implementation link: https://learn.microsoft.com/en-us/information-protection/develop/quick-app-initialization-csharp#implement-an-authentication-delegate

When I was doing a proof of concept, I was able to add the sensitivity label in the excel using the auth-token from my web app which I injected into the AcquireToken method of the IAuthDelegate here’s the code for the same

public string AcquireToken(Identity identity, string authority, string resource, string claims)
{
    var userAssertion = new UserAssertion(_authToken, "urn:ietf:params:oauth:grant-type:jwt-bearer", _currentUser);
    var authContext = new AuthenticationContext(authority, new TokenCache());
    var clientCredential = new ClientCredential(_applicationClientId, Environment.GetEnvironmentVariable("ClientSecret")));

    var result = authContext.AcquireTokenAsync(resource, clientCredential, userAssertion).Result;
    return result.AccessToken;
}

The _authToken is the hardcoded token from the web, _currentUser is the userPrincipalName (emailId) of the user.

The issue here is that the code to generate the Excel file will be called by a function app, so the above code becomes obsolete as I cannot pass hard-coded tokens.

From the above link I referenced the code and it shows a authentication prompt which I cannot show as the code will be executed by the function app.

I tried the client_credential flow, but it gave me the following exception:

The service didn’t accept the auth token. Challenge: [‘’] HttpRequest.Id={some-id}, CorrelationId=some-id, CorrelationId.Description=PolicyProfile

Is there a way to generate the token in the IAuthDelegate without showing the prompt? Or is there any setting in Azure that we need to configure to incorporate this?

Since I was able to set the sensitivity label in my proof of concept I am assuming all the azure settings for the Mip sdk are done right as I am able to get the sensitivity label list and able to set them, but how do I get pass this scenario of the function app?

Please suggest. Thank you.