0
votes

What is the simplest way to retrieve the JWT from Azure Active Directory? I want to perform some REST calls locally and need this token.

I am going through https://msdn.microsoft.com/en-us/library/azure/dn790557.aspx and what I need to know is whether there is a way to obtain a token without having to create an AAD application or a service principal.

1
We can provide better answers if you indicate which language you're interested in using to achieve this. - Saca
C++ or Java would be preferred. But my main intention here is to authenticate against Azure Resource Manager. Do you think ADAL is the best way to go? - thePoly_glot

1 Answer

0
votes

Instead of AAD application and Service Principal, you can use ADAL and Azure account directly.

Here is a piece of PowerShell code you can use to acquire an access token from AAD.

###################################################################################
#                                                                                 #
#    This is a sample PowerShell script which can use the Azure Rest API.         #
#    The sample is using the ADAL inside Azure SDK for .NET, so before you can    #
#    use this sample, you need to install the latest Azure SDK.                   #
#                                                                                 #
#    This sample requires user interaction to log in with an Azure account. You   #
#    can use Organization ID or Live ID as long as you have the right permission. #
#    In the sample, auto prompt behaviour is being used, so within one PowerShell #
#    session, you only need to log in once.                                       #
#                                                                                 #
###################################################################################


# Loading the ADAL to the PowerShell session. This path here is the default path for the latest Azure SDK.
# If you are installing this somewhere else, you should change the path.
Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

# your subscription ID
$subscriptionID = "<subscription id>"

# The tenant ID of your subscription
$tenantID = "<tenant ID>"

# The login Endpoint of your Azure Environment. The endpoint here is for global Azure.
$loginEndpoint = "https://login.windows.net/"

# This is the default redirect URI and the default client ID. You don't need to change this.
# They are hardcoded. Of course, you can also use your own AD Application.
# However, you need to have the permission setup correctly.
$redirectURI = New-Object System.Uri ("urn:ietf:wg:oauth:2.0:oob")
$clientID = "1950a258-227b-4e31-a9cf-717495945fc2"

# The Azure account you want to use.
# You need to have the permission to access the Azure Resources.
$userName = "<Azure AD user with the right permission>"

# the Azure management endpoint. This is for global Azure.
# For Resource Manager model, you can also use https://management.azure.com/.
$resource = "https://management.core.windows.net/"

# Constructing the authorization String.
$authString = $loginEndpoint + $tenantID

# Creating the Authentication Context
$authenticationContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext ($authString, $false)

# Setting the prompt behaviour to be auto, so that you don't need to login every time you run this sample.
$promptBehaviour = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto

# Acquiring Token.
$userIdentifierType = [Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifierType]::RequiredDisplayableId
$userIdentifier = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier ($userName, $userIdentifierType)
$authenticationResult = $authenticationContext.AcquireToken($resource, $clientID, $redirectURI, $promptBehaviour, $userIdentifier)

As you can see, this PowerShell script is translated from C# code. If you are using something other than PowerShell or C#, you may need to take a look at the corresponding ADAL for your specific programming language.
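The following is an added example, not part of the answer above or of ADAL: before sending the acquired JWT in a REST call, decode its payload and confirm the `aud` claim matches the `$resource` you requested and that `exp` has not passed. The function names are hypothetical and the sample token is constructed inline with placeholder claims; in real use the input would be `$authenticationResult.AccessToken`.

```powershell
# Added example. Decodes a JWT payload WITHOUT verifying its signature; use it only
# to inspect a token you obtained yourself, never as an authorization check.

function ConvertFrom-Base64Url([string]$Value) {
    # JWT segments are base64url without padding: map the alphabet back and re-pad.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url segment length' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-JwtClaims([string]$Token) {
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected three dot-separated JWT segments' }
    ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
}

function Test-TokenForResource([string]$Token, [string]$Resource) {
    $claims  = Get-JwtClaims $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    [pscustomobject]@{
        Audience        = $claims.aud
        AudienceMatches = ($claims.aud.TrimEnd('/') -eq $Resource.TrimEnd('/'))
        ExpiresUtc      = $expires
        NotExpired      = ($expires -gt [DateTime]::UtcNow)
    }
}

# --- Constructed sample token (placeholder claims, fake signature) ---
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    aud = 'https://management.core.windows.net/'
    tid = '<tenant ID>'
    exp = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$sampleToken = (ConvertTo-Base64Url '{"alg":"RS256","typ":"JWT"}'), (ConvertTo-Base64Url $payload), 'constructed' -join '.'

# In real use: $token = $authenticationResult.AccessToken
$check = Test-TokenForResource -Token $sampleToken -Resource 'https://management.core.windows.net/'
$check | Format-List

# Only attach the token to requests for the resource it was issued for.
if ($check.AudienceMatches -and $check.NotExpired) {
    $headers = @{ Authorization = "Bearer $sampleToken" }
}
```

The access token is a bearer credential for the signed-in account, so keep it out of logs, shell transcripts and shared scripts.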