Authenticate with Azure Service Management APIs using Azure AAD OAuth2

0
votes

I am developing a native application that should access the Azure tenant of the customer that is logging in (like the Azure PowerShell signin experience). I tried to use Azure PowerShell's client id, but the refresh token to renew the credentials seems to be valid for 12 hours only. Afterwords, the user had to sign in again.

I tried to create a multi-tenant Azure AAD application, but multi-tenancy is not available for native AAD applications. How can I get a client id similar to PowerShell AAD client ID 1950a258-227b-4e31-a9cf-717495945fc2 that allows me to use the Azure Service Management API of the user loggin in (who is not in my Azure AD).

1
powershellazureoauth-2.0

1 Answers

2
votes

First you should look into listing your App in the Azure Active Directory application gallery. This is the right way to do what you want. They will generate a client id for you. You should not use one already created for another app. That said...

For testing purposes, I wanted to do something similar. I used the VS client ID and was able to successfully Auth using this code:

public static string GetAuthorizationHeader()
        {
            AuthenticationResult result = null;

            var context = new AuthenticationContext("https://login.windows.net/common"); // tenant agnostic endpooint
            result = context.AcquireToken("https://management.core.windows.net/",
                                          "1950a258-227b-4e31-a9cf-717495945fc2", // Windows Azure Management API's Client ID
                                          new Uri("urn:ietf:wg:oauth:2.0:oob")); // standard redirect for native apps (console, desktop, mobile, etc)

            if (result == null)
            {
                throw new InvalidOperationException("Failed to obtain the JWT token");
            }

            return result.AccessToken;
        }

I posted the code up to GitHub here: devdash/EzAzureMgmtApiAuth, and more detail is on my blog: http://devian.co/2015/07/01/authenticate-to-the-azure-service-management-api/