java, azure, azure-storage-account

Is it possible to get access token through azure graph and use it to access azure storage accounts?


For instance, I can authenticate through the Graph API with getaccesstokencredentials(username, password). Can I use this token to access Azure? Currently we can use usertokencredentials and applicationtokencredentials from the management library; once done, you can create an instance of the Azure class: Azure azure = Azure.authenticate(credentials).withdefaultsubscription. I'm wondering if we can use the token from getaccesstokencredentials instead of usertokencredentials and applicationtokencredentials.


Solution

  • We cannot use the same access token to call the Graph API and to call the API that manages Azure resources, because the resource URL for the Graph API is https://graph.microsoft.com/ but the resource URL for the Azure management REST API is https://management.azure.com/. For more details, please refer to https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-api-authentication.

    Besides, regarding how to use Azure AD to access Azure storage, please refer to the following steps:

    1. Add role assignment to your principal.

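    2. Get token.

      import com.microsoft.aad.adal4j.AuthenticationContext;
      import com.microsoft.aad.adal4j.AuthenticationResult;
      import com.microsoft.aad.adal4j.ClientCredential;
      import java.net.MalformedURLException;
      import java.util.concurrent.ExecutionException;
      import java.util.concurrent.ExecutorService;
      import java.util.concurrent.Executors;
      import java.util.concurrent.Future;

      // Acquires an Azure AD token for the storage resource with the client credentials flow (ADAL4J).
      public static String getToken() throws Exception {
          // Placeholder values: substitute your own tenant, application id and secret.
          String TENANT_ID = "your tenant id or name, e4c9*-*-*-*-*57fb";
          String AUTHORITY = "https://login.microsoftonline.com/" + TENANT_ID;
          String CLIENT_ID = "your application id, dc17*-*-*-*a5e7";
          String CLIENT_SECRET = "the secret, /pG*32";
          // The token is requested for the storage resource, not for Graph or the management API.
          String RESOURCE = "https://storage.azure.com/";
          String ACCESS_TOKEN = null;
          ExecutorService service = Executors.newFixedThreadPool(1);
          AuthenticationContext context = null;
          try {
              context = new AuthenticationContext(AUTHORITY, false, service);
              ClientCredential credential = new ClientCredential(CLIENT_ID, CLIENT_SECRET);
              Future<AuthenticationResult> future = context.acquireToken(RESOURCE, credential, null);
              ACCESS_TOKEN = future.get().getAccessToken();
          } catch (InterruptedException e) {
              e.printStackTrace();
          } catch (ExecutionException e) {
              e.printStackTrace();
          } catch (MalformedURLException e) {
              e.printStackTrace();
          } finally {
              // Always release the executor used for the token request.
              service.shutdown();
          }
          // Null if the token request failed.
          return ACCESS_TOKEN;
      }

    3. Access blob.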

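      import com.microsoft.azure.storage.StorageCredentialsToken;
      import com.microsoft.azure.storage.blob.CloudBlobClient;
      import com.microsoft.azure.storage.blob.CloudBlobContainer;
      import com.microsoft.azure.storage.blob.CloudBlockBlob;
      import java.net.URI;

      public static void main(String[] args) throws Exception {
          String token = getToken();
          // Wrap the Azure AD token as the storage credential for account "storagetest789".
          StorageCredentialsToken credentialsToken = new StorageCredentialsToken("storagetest789", token);
          CloudBlobClient blobClient = new CloudBlobClient(new URI("https://storagetest789.blob.core.windows.net/"), credentialsToken);
          CloudBlobContainer blobContainer = blobClient.getContainerReference("pub");
          CloudBlockBlob blockBlob = blobContainer.getBlockBlobReference("test1.txt");
          // Upload succeeds only if the principal holds a role assignment from step 1.
          blockBlob.uploadText("mytest");
      }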
      

    For more details, please refer to https://learn.microsoft.com/en-us/azure/storage/common/storage-auth-aad.
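
The audience restriction described in the answer can be checked on a token directly. The following Java code is an added example, not part of the original answer: it decodes a JWT payload without verifying the signature and compares its `aud` claim with the resource you intend to call. The class and method names are hypothetical, the sample token is constructed, and it assumes `aud` carries the resource URI as a string.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenAudienceCheck {
    // Matches a string-valued "aud" claim; use a real JSON parser in production code.
    private static final Pattern AUD = Pattern.compile("\"aud\"\\s*:\\s*\"([^\"]*)\"");

    /** Returns the "aud" claim of a JWT without verifying its signature (diagnostic use only). */
    static String audienceOf(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) {
            throw new IllegalArgumentException("not a JWT: expected header.payload.signature");
        }
        String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Matcher m = AUD.matcher(payload);
        if (!m.find()) {
            throw new IllegalArgumentException("token has no string \"aud\" claim");
        }
        return m.group(1);
    }

    /** True when the token was issued for the given resource (trailing slash ignored). */
    static boolean issuedFor(String jwt, String resource) {
        return stripSlash(audienceOf(jwt)).equalsIgnoreCase(stripSlash(resource));
    }

    private static String stripSlash(String s) {
        return s.endsWith("/") ? s.substring(0, s.length() - 1) : s;
    }

    // Builds an unsigned, constructed sample token so the example runs offline.
    private static String sampleToken(String aud) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(("{\"aud\":\"" + aud + "\"}").getBytes(StandardCharsets.UTF_8));
        return header + "." + body + ".";
    }

    public static void main(String[] args) {
        // Constructed token whose audience is the Graph API.
        String graphToken = sampleToken("https://graph.microsoft.com");
        for (String resource : new String[] {"https://graph.microsoft.com/",
                "https://management.azure.com/", "https://storage.azure.com/"}) {
            System.out.println(resource + " -> " + issuedFor(graphToken, resource));
        }
    }
}
```

Running `issuedFor` on the string returned by `getToken()` before calling the storage service shows whether a rejected request is an audience problem or a missing role assignment.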