*Credential.getToken support for clientID and tenantId
In C# if you are still using AzureServiceTokenProvider.GetAccessTokenAsync(…) and pass in a resource (clientID) and a tenantID, it allows you to directly call the Azure application. I do not see an equivalent case in @azure/identity.
var clientId = "{GUID}";
var tenantID = "{GUID}";
var identity = "RunAs=App";
var azureServiceTokenProvider = new AzureServiceTokenProvider(identity);
var accessToken = azureServiceTokenProvider.GetAccessTokenAsync(clientId, tenantID).GetAwaiter().GetResult();
Console.WriteLine(accessToken);
The scenario is we are using a system managed identity for an Azure Function and trying to get a token from an OAuth2 endpoint that represents APIM.
Issue Analytics
- Created 2 years ago
- Comments:12 (7 by maintainers)
Top GitHub Comments
Passing in the clientid of the app worked. The confusing part and why we didn’t look at that before, even though from your perspective the user assigned MSI and app registration clientID are the same, is the documentation. That implies we need to create a standalone managed identity azure resource. We just needed to also use a scope of “api://{guid}/.default” though (a different issue) why we are limited to using .default.
Thanks for sharing the C# code snippet that you are trying to convert.
I looked into the implementation of AzureServiceTokenProvider and it looks like it uses the “connectionString” passed to the constructor to determine how to do authentication. The “connectionString” is a list of key-value pairs, and when you pass “RunAs=App”, it uses the Managed Identity. This way of using connection string like input to determine behavior is not encouraged anymore due to the nature of it being prone to human error when the string is being constructed. I am not aware of what the counterpart for this is in the newer .NET libraries, but we can share the recommended practice in JavaScript/TypeScript.
You are right in determining that using the ManagedIdentityCredential without parameters is the path forward. You can then await on the getToken() call on the credential to get your token. Can you share what issues/errors you found when doing so?
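The approach the comments above converge on (a parameterless ManagedIdentityCredential, getToken(), and an "api://{guid}/.default" scope), written out as an added example that is not code from the issue or from the Azure SDK. The helper names, the placeholder App ID URI and the audience/tenant checks on the returned token are assumptions made for illustration.

```javascript
// Added example. APP_ID_URI is a constructed placeholder, not a real app.
const APP_ID_URI = "api://00000000-0000-0000-0000-000000000000";

// Build the "<resource>/.default" scope the thread ends up using.
function toDefaultScope(resource) {
  const r = resource.replace(/\/+$/, "");
  return r.endsWith("/.default") ? r : `${r}/.default`;
}

// Decode (do NOT treat as verified) the JWT payload to inspect its claims.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Request a token for the app registration and confirm it was issued for
// the expected audience and tenant before it is sent to any endpoint.
// `credential` is anything with the getToken(scope) method of a TokenCredential.
async function getApiToken(credential, appIdUri, tenantId) {
  const scope = toDefaultScope(appIdUri);
  const accessToken = await credential.getToken(scope);
  if (!accessToken) throw new Error(`no token returned for ${scope}`);
  const claims = decodeClaims(accessToken.token);
  // Assumption: `aud` is either the bare GUID or the api:// form,
  // depending on the token version the app registration accepts.
  const guid = appIdUri.replace(/^api:\/\//, "").replace(/\/.*$/, "");
  if (claims.aud !== guid && claims.aud !== `api://${guid}`) {
    throw new Error(`unexpected aud: ${claims.aud}`);
  }
  if (claims.tid !== tenantId) throw new Error(`unexpected tid: ${claims.tid}`);
  return accessToken.token;
}

// Usage inside the Function app (requires the @azure/identity package):
//   const { ManagedIdentityCredential } = require("@azure/identity");
//   const token = await getApiToken(
//     new ManagedIdentityCredential(), APP_ID_URI, "<tenant GUID>");
```

The claim checks here are a client-side sanity check only; the API behind APIM still has to validate the token's signature and claims itself.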