Azure Service Management API Authentication Using Azure Active Directory Oauth

I want to authenticate Azure Service Management API using Azure AD via curl.

I set up an application in my default directory. In this free trial, I only have one directory.

When I target the oauth token endpoint, I get a JWT.

    curl --data "grant_type=client_credentials&client_id=<my_client_id>&client_secret=<my_encoded_secret>&resource=https%3A%2F%2Fmanagement.core.windows.net" https://login.windows.net/<my_tenant_id>/oauth2/token


But when I use this token to list my subscription details, I get an error:

    curl -H "x-ms-version: 2014-06-01" \
         -H "Authorization: Bearer <my_token>" \
         https://management.core.windows.net/<my_subscription_id>/

    <Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
      <Code>ForbiddenError</Code>
      <Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message>
    </Error>


I granted the Service Management API permissions to the application as "delegated permissions" because "Application Permissions" is not available.


What am I missing?



1 answer


This is not possible due to the Application Permissions: 0 settings for the service management API. The client_credentials grant type uses the credentials from the application (client_id and client_secret), and since the application does not have permissions for this API, the call fails.



Since the Service Management API does not allow any application permissions, we must use the authorize_code permission type or some other method to get the custom token.

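A practical way to confirm what the answer describes is to decode the JWT the token endpoint returned and look at its claims: Azure AD places application permissions in the `roles` claim and delegated permissions in the `scp` claim, so a `client_credentials` token for an API that exposes no application permissions carries neither, and the resource rejects it. The script below is an added example, not code from the question or answer. It builds the same form body as the `curl` call in the question, decodes a token's payload without verifying its signature (inspection only), and reports which kind of permission the token carries. The tenant and client values are placeholders, and the two sample tokens are constructed, unsigned JWTs built inline so the check runs offline; the claim names `aud`, `roles` and `scp` are the standard ones Azure AD issues.

```python
import base64
import json
from urllib.parse import urlencode

# Added example, not from the question or answer. Tenant/client values are
# placeholders, and the sample tokens are unsigned JWTs constructed here so
# the claim inspection can run offline.

TOKEN_ENDPOINT = "https://login.windows.net/{tenant}/oauth2/token"
SMAPI_RESOURCE = "https://management.core.windows.net"


def build_client_credentials_request(tenant_id, client_id, client_secret,
                                     resource=SMAPI_RESOURCE):
    """Return (url, form_body) matching the curl call in the question.
    urlencode percent-encodes the resource the same way the question does."""
    url = TOKEN_ENDPOINT.format(tenant=tenant_id)
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })
    return url, body


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token):
    """Decode the payload segment only. This does NOT verify the signature;
    it is for understanding why a token is rejected, not for trusting it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(claims, expected_resource=SMAPI_RESOURCE):
    """Report which permission kind the token carries for the resource.

    Azure AD puts application permissions in 'roles' and delegated
    permissions in 'scp'. A client_credentials token for an API that
    exposes no application permissions therefore carries neither.
    The audience comparison ignores a trailing slash, since the token's
    'aud' is commonly issued with one."""
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != expected_resource.rstrip("/"):
        problems.append(f"audience {claims.get('aud')!r} is not {expected_resource!r}")
    has_roles = bool(claims.get("roles"))
    has_scp = bool(claims.get("scp"))
    if has_roles:
        kind = "application"
    elif has_scp:
        kind = "delegated"
    else:
        kind = "none"
        problems.append("token has neither 'roles' (application permissions) "
                        "nor 'scp' (delegated permissions)")
    return {"permissions": kind, "problems": problems}


def make_unsigned_token(claims):
    """Construct a JWT with an empty signature, for demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed claims resembling what the two flows hand back for this resource.
CLIENT_CREDENTIALS_CLAIMS = {
    "aud": "https://management.core.windows.net/",
    "iss": "https://sts.windows.net/<my_tenant_id>/",
    "appid": "<my_client_id>",
    "tid": "<my_tenant_id>",
}
# A token from the authorization_code flow additionally carries the delegated
# scope granted to the application and the signed-in user's identity.
AUTH_CODE_CLAIMS = dict(CLIENT_CREDENTIALS_CLAIMS, scp="user_impersonation",
                        upn="user@example.com")


if __name__ == "__main__":
    url, body = build_client_credentials_request(
        "<my_tenant_id>", "<my_client_id>", "<my_encoded_secret>")
    print(url, body)
    for name, claims in (("client_credentials", CLIENT_CREDENTIALS_CLAIMS),
                         ("authorization_code", AUTH_CODE_CLAIMS)):
        token = make_unsigned_token(claims)
        print(name, classify_token(decode_jwt_claims(token)))
```

Running it prints `none` with a missing-permissions problem for the `client_credentials` token and `delegated` with no problems for the `authorization_code` token. To apply the same check to a real token, pass the `access_token` string from the token endpoint response to `decode_jwt_claims`; if the result shows neither claim, the `ForbiddenError` in the question is the expected outcome, and the `x-ms-version` header and subscription ID are not the cause.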
