People have asked me about above question in many forums, and I personally have used ADAL (Active Directory Authentication Library) to get one. But here i would show you can use simple Http client to get one.
In following example, I would show you how to get bearer token for Azure Resource manager;
Before you jump in, you must have created AzureAD application and have it assigned desired permissions to Azure Resource Manager.
In olden days it was done through horrible powershell cmdlets, now days its done through new Azure Portal. (it used to be called ServicePrinciap), ServicePrincipal is actually an instance of your app in AzureAD.
So lets come back to recipe:
a) Fire a Http Client of your choice
b) Set POST method to a your token endpoint for your AzureAD tenant URL https://login.microsoftonline.com/<tenant-id>/oauth2/token
c) Set Content-Type : example : Content-Type: application/x-www-form-urlencoded
d) Set following parameter as part of your request body:
response_type=client_credentials&client_id=<azureadapp_clientId>&client_secret=<azuread_clientSecret>&resource=https%3A%2F%2Fmanagement.azure.com%2F&grant_type=client_credentials
e) Fire :)
{
"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "0",
"expires_on": "1481060508",
"not_before": "1481056608",
"resource": "https://management.azure.com/",
"access_token": "_BEARER_TOKEN_"
}
In this request result you should have now received a bearer token, which you can use further towards Azure Resource Manager.
Remember, key "expires_in" is an epoch time format, so you have to make sure that you have to refresh refresh this token before it expires. which is why ADAL is so good and you do not have to think about such things. :-)
Now you can use another Http call to one of your favorite Azure REST apis and use above "bearer" token as part of authorization header; set value; Authorization bearer <_BEARER_TOKE_>
That's it :)
Remember: The above practice is not good for production env. you have responsibility to store client_id , client_secret in a secure place, practicing above things is not recommended in production env. and ADAL should be part of the game. but for learning purposes, its always good to know how things work in background :)
In following example, I would show you how to get bearer token for Azure Resource manager;
Before you jump in, you must have created AzureAD application and have it assigned desired permissions to Azure Resource Manager.
In olden days it was done through horrible powershell cmdlets, now days its done through new Azure Portal. (it used to be called ServicePrinciap), ServicePrincipal is actually an instance of your app in AzureAD.
So lets come back to recipe:
a) Fire a Http Client of your choice
b) Set POST method to a your token endpoint for your AzureAD tenant URL https://login.microsoftonline.com/<tenant-id>/oauth2/token
c) Set Content-Type : example : Content-Type: application/x-www-form-urlencoded
d) Set following parameter as part of your request body:
response_type=client_credentials&client_id=<azureadapp_clientId>&client_secret=<azuread_clientSecret>&resource=https%3A%2F%2Fmanagement.azure.com%2F&grant_type=client_credentials
e) Fire :)
{
"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "0",
"expires_on": "1481060508",
"not_before": "1481056608",
"resource": "https://management.azure.com/",
"access_token": "_BEARER_TOKEN_"
}
In this request result you should have now received a bearer token, which you can use further towards Azure Resource Manager.
Now you can use another Http call to one of your favorite Azure REST apis and use above "bearer" token as part of authorization header; set value; Authorization bearer <_BEARER_TOKE_>
That's it :)
Remember: The above practice is not good for production env. you have responsibility to store client_id , client_secret in a secure place, practicing above things is not recommended in production env. and ADAL should be part of the game. but for learning purposes, its always good to know how things work in background :)
Comments