
[QUERY] Use AzureCredentials with token from Authorization Code Flow

Open davidobrien1985 opened this issue 3 years ago • 7 comments

Library name and version

Microsoft.Azure.Management.ResourceManager.Fluent.Authentication

Query/Question

We are attempting to use this package in our SaaS. Process as follows:

  • customer logs in to their Azure AD account from our SaaS using the OAuth 2.0 Authorization Code Flow
  • we receive the user token
  • we use that token to authenticate against the user's Azure environment and are able to "GET Subscriptions" for example (or GET Azure VMs or any other Azure APIs really).

Right now we are struggling to create/use AzureCredentials with a bearer token obtained via OAuth 2.0 Authorization Code Flow. Is this possible? If yes, do you have a working code sample for this? If no, what else can we do if we want to give the user the above UX?

Thanks, David

Environment

No response

davidobrien1985 avatar Oct 05 '22 20:10 davidobrien1985

Label prediction was below confidence level 0.6 for Model:ServiceLabels: 'AppAuthentication:0.46701494,ARM:0.1746157,Azure.Identity:0.10250967' Label prediction was below confidence level 0.6 for Model:CategoryLabels: 'Client:0.598036,Mgmt:0.39911824,Service:0.0024482051'

azure-sdk avatar Oct 05 '22 20:10 azure-sdk

Thank you for your feedback. Tagging and routing to the team member best able to assist.

jsquire avatar Oct 06 '22 13:10 jsquire

I'd be interested in this as well. I tried

public IAuthenticated GetClient(string myClientId, string tenantId, string token)
{
    var tokenCredentials = new TokenCredentials(token);
    var azureCredentials = new AzureCredentials(
        tokenCredentials,
        tokenCredentials,
        tenantId,
        AzureEnvironment.AzureGlobalCloud);
    return Authenticate(azureCredentials);
}

but that didn't work.

alexguevara avatar Oct 06 '22 17:10 alexguevara

@xboxeer any insights here to get this working?

davidobrien1985 avatar Oct 07 '22 16:10 davidobrien1985

Hi @davidobrien1985 ,

The package you are using has been deprecated in favor of new libraries for doing Azure resource management. What you are trying to do was actually one of the key features that was added in the new libraries which are backed by Azure.Identity and MSAL.

These are the two new packages for managing Azure Resources that I think you want to be using:

  • Azure.ResourceManager
  • Azure.ResourceManager.Resources

Here is an example that I think will help: https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/resourcemanager/Azure.ResourceManager#resourcedatacs

ArmClient client = new ArmClient(new DefaultAzureCredential());
string resourceGroupName = "myResourceGroup";
SubscriptionResource subscription = await client.GetDefaultSubscriptionAsync();
ResourceGroupCollection resourceGroups = subscription.GetResourceGroups();
ResourceGroupResource resourceGroup = await resourceGroups.GetAsync(resourceGroupName);
await foreach (VirtualMachineResource virtualMachine in resourceGroup.GetVirtualMachines())
{
    //previously we would have to take the resourceGroupName and the vmName from the vm object
    //and pass those into the powerOff method as well as we would need to execute that on a separate compute client
    await virtualMachine.PowerOffAsync(WaitUntil.Completed);
}

If your application has already auth'ed the user and acquired a token on their behalf, you can use DelegatedTokenCredential from Azure.Identity in lieu of DefaultAzureCredential in those code examples.

Something like this:

var client = new ArmClient(DelegatedTokenCredential.Create((_, _) => token));

Petermarcu avatar Oct 07 '22 17:10 Petermarcu
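A fuller version of the delegated-token approach from the reply above, added here as an example; it is not code from the thread or from the Azure SDK. `UserDelegatedCredential` and `DelegatedArmExample` are hypothetical names, and the public-cloud ARM host is an assumption. The credential hands the user's token only to requests for ARM scopes and fails locally once the token is about to expire.

```csharp
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;

// Hypothetical helper: wraps an access token the app already obtained through the
// authorization code flow so that ArmClient can use it.
public sealed class UserDelegatedCredential : TokenCredential
{
    // Assumption: public-cloud ARM endpoint; sovereign clouds use a different host.
    private const string ArmHost = "management.azure.com";
    private readonly AccessToken _token;

    public UserDelegatedCredential(string accessToken, DateTimeOffset expiresOn)
        => _token = new AccessToken(accessToken, expiresOn);

    public override AccessToken GetToken(TokenRequestContext context, CancellationToken ct)
    {
        // Never hand the user's token to a client asking for a different resource.
        if (!context.Scopes.All(IsArmScope))
            throw new CredentialUnavailableException("Delegated token is valid for ARM only.");
        // Fail locally instead of sending a stale token; the caller should redeem its
        // refresh token and construct a new credential.
        if (_token.ExpiresOn <= DateTimeOffset.UtcNow.AddMinutes(1))
            throw new CredentialUnavailableException("Delegated token expired; re-acquire it.");
        return _token;
    }

    public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext context, CancellationToken ct)
        => new ValueTask<AccessToken>(GetToken(context, ct));

    private static bool IsArmScope(string scope)
        => Uri.TryCreate(scope, UriKind.Absolute, out Uri uri) && uri.Scheme == Uri.UriSchemeHttps && string.Equals(uri.Host, ArmHost, StringComparison.OrdinalIgnoreCase);
}

public static class DelegatedArmExample
{
    public static async Task ListSubscriptionsAsync(string accessToken, DateTimeOffset expiresOn)
    {
        var client = new ArmClient(new UserDelegatedCredential(accessToken, expiresOn));
        await foreach (SubscriptionResource sub in client.GetSubscriptions().GetAllAsync())
            Console.WriteLine($"{sub.Data.DisplayName} ({sub.Data.SubscriptionId})");
    }
}
```

The `expiresOn` value comes from the `expires_in` field of the token response the application received when it redeemed the authorization code.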

@schaabs

Petermarcu avatar Oct 07 '22 17:10 Petermarcu

Hi, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

ghost avatar Feb 14 '23 08:02 ghost