I have a web app on Azure App Service that requires Azure Active Directory authentication. I can receive an access token for the secured app from within other apps using either the OAuth 2.0 flow for service-to-service communication or Managed Service Identity (MSI).
For MSI, Microsoft provides a library, Microsoft.Azure.Services.AppAuthentication, for authentication that also supports using the credentials from the azure-cli tool.
However, the library is currently in preview and it does not work on my system, but I managed to find its source code on GitHub.
The relevant part seems to call
$ az account get-access-token <resource>
However, when I try it with the resource name of the app I am trying to access, I get the following error:
Get Token request returned http error: 400 and server response: {"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID <application id> named <application name>.
For the resource name I tried both the App ID URI and Client ID.
Has anyone managed to use azure-cli to get an access token in a similar scenario?