Azure Service Management API Authentication Using Azure Active Directory OAuth
I want to authenticate to the Azure Service Management API using Azure AD via curl.
I set up an application in my default directory. In this free trial, I only have a directory.
When I target the OAuth token endpoint, I get a JWT.
curl --data "grant_type=client_credentials&client_id=<my_client_id>&client_secret=<my_encoded_secret>&resource=https%3A%2F%2Fmanagement.core.windows.net" https://login.windows.net/<my_tenant_id>/oauth2/token
But when I use this token to list my subscription details, I get an error:
curl -H "x-ms-version: 2014-06-01" \
-H "Authorization: Bearer <my_token>" \
https://management.core.windows.net/<my_subscription_id>/
<Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Code>ForbiddenError</Code>
<Message>The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.</Message>
</Error>
I granted the Service Management API permissions to the application as "delegated permissions" because "Application Permissions" is not available.
What am I missing?
This is not possible due to the Application Permissions: 0 settings for the service management API. The client_credentials grant type uses the credentials from the application (client_id and client_secret), and since the application does not have permissions for this API, the call fails.
Since the Service Management API does not allow any application permissions, we must use the authorize_code permission type or some other method to get the custom token.
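A way to see the difference the answer describes, as an added example that is not part of the original question or answer: decode the payload of the token returned by the token endpoint and check which permission claims it carries. A delegated (user) token carries an `scp` claim, while a `client_credentials` token for an API with no application permissions carries neither `scp` nor `roles`. The helper names and sample tokens are constructed for illustration, and the signature is deliberately not verified because this is inspection only.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT without verifying the signature.

    For inspection only: never make an access decision from unverified claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_kind(claims: dict) -> str:
    """Classify an Azure AD access token by the permission claims it carries."""
    if claims.get("scp"):
        return "delegated"            # issued on behalf of a signed-in user
    if claims.get("roles"):
        return "app-only-with-roles"  # application permissions were granted
    return "app-only-no-permissions"  # client_credentials, nothing granted


def _make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


AUD = "https://management.core.windows.net"
# Constructed samples: every identifier below is a placeholder.
APP_TOKEN = _make_sample({"aud": AUD,
                          "appid": "00000000-0000-0000-0000-000000000000"})
USER_TOKEN = _make_sample({"aud": AUD, "scp": "user_impersonation",
                           "upn": "user@example.com"})

if __name__ == "__main__":
    for name, tok in (("client_credentials", APP_TOKEN),
                      ("user flow", USER_TOKEN)):
        print(name, "->", token_kind(jwt_claims(tok)))
```

To inspect a real token, pass the `access_token` value from the token endpoint response to `jwt_claims` and treat the output as sensitive.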