Azure oAuth token retrieval with user managed identity
I am new to Azure. I have an app service and a system managed and an user managed identity. I want to use the rest endpoint to get the access tokens. Based on a config flag, I want to use either
- Use the User Managed Identity to get the access tokens. or
- Use the system managed identity to get the access tokens.
Since I am new, I am not sure about which endpoint to call. Most importantly, I want to under as to how I can request the AAD to use User Managed Identity over the system managed.
I tried to reproduce the same in my environment and got below results:
I have one App service where I enabled system assigned managed identity like below:
Now, Open Kudu by selecting Advanced Tools in your App Service like below:
In new tab, Kudo will be opened where you need to select PowerShell under Debug console like below:
Now, run the below PowerShell script to get access token using System-assigned managed identity:
$resourceURI = "https://storage.azure.com"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
Response:
You can run $accessToken to print the token like below:
I added one user managed identity to the App Service like below:
To get access token using User assigned Managed Identity, you need to include one of the optional parameters like client_id or
principal_id in the script.
You can find values of these parameters from your managed identity:
In my case, I included client_id in PowerShell script to get token using User assigned managed identity like below:
$resourceURI = "https://storage.azure.com/"
$client_id = "d5845093-6622-4827-ad6a-xxxxxxxxxx"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&client_id=$client_id&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
Response:
You can run $accessToken to print the token like below:
Based on your requirement, you can change the value of $resourceURI parameter to https://graph.microsoft.com,
https://vault.azure.net or https://management.azure.com etc...
Including one of the optional parameters is enough to get access token from User Managed Identity over the system managed.
Reference: Managed identities - Azure App Service | Microsoft
- NullPointerException in Java JDK code while performing parallelStream.forEach(..)
- Locating code that is filling PermGen with dead Groovy code
- Cannot find test class in project - "The input type of the launch configuration does not exist"
- Passing the values to the fraction class in java
- How to use different authentication methods for different paths using Spring Security
- how to fetch and validate csv header in open csv?
- 4-Sum algorithm failing with duplicate values in Java
- Error getting month while using Calendar object
- java Calendar Timezones strange stuff
- java.util.Date class with different approach for same date gives different output
- Finding out the type of invoked method in JDT
- How to get the size of a file in MB (Megabytes)?
- Exception in thread "main" java.lang.IllegalStateException: Attempted to load Config resource 'class path resource [application.yml]'
- Why does Google Calendar.Events.Watch say my request is not HTTPS
- Java - Class.forName, how to get a Field from Class
- Use of verify() method with and without times(1) parameter
- JDBC connection without database definition
- Running my testNG project from a jar using Maven
- Do subclasses inherit interfaces?
- Spring Security - how can I ask invoke access control methods directly?
- most accurate time type in java?
- How to get the currently selected application from Windows in Java
- validate the credit card expiry date using java?
- Finding the square root of a number by using binary search
- log4j : current time in milliseconds
- Why Joda DateTime gives different result than Java Date?
- Tomcat - maxThreads vs. maxConnections
- Android notification importance cannot be changed
- How to enable all endpoints in actuator (Spring Boot 2.0.0 RC1)
- Map rainbow colors to RGB