Month: June 2020

What is this?

I do not know how many times I have looked for an article explaining the just make it work part of how to authenticate to Azure from an application calling an Azure API. I usually find myself in a very long article on scope and OAUTH vs OAUTH2 vs OpenID.

This is more for me as documentation and perhaps for you as well, and it will not go thru why you should configure anything in a particular way. It is just a make it work.

If you do not know how to create an App Registration (necessary for login) or how to get the information used below, I have created a post here.

The three stages of logging in

1. Get the information you need.
2. Login to get a Token
3. Use the Token in an API-call.

Getting the information you need

You will need:

1. A Client ID
2. A Client Secret
3. The Azure Tenant ID
4. Know which resource you are using

The 1, 2 and 3

The Client ID and the Tenant ID you can get from the App Registration Overview page of your app.

The client secret is either something you previously saved or something you created. Take a look at my post. Click on “Create the App Secret” in the Table of contents at the top if you need more information on how to create a secret.

The resource

This is the only tricky part.

• If you need to manipulate about 90% of Azure you use https://management.azure.com/
• If you are login into Storage Account you should/could use https://storage.azure.com/

Postman

The number one client for calling and testing APIs.

Login to get a Token (with Postman)

Gather all the information you have above and lets get to configuring. You can use variables and environment settings for these.

• Set the URI to: https://login.microsoftonline.com/[Tenant ID Goes here]/oauth2/token
• Set the verb to POST.
• Set the format of the body to form-data
• Fill in the data:
  • client_id: Your Client ID
  • client_secret: Your client secret (password)
  • resource: see heading just above this
  • grant_type: client_credentials
• Click Send and receive your access-token.

  

  Bonus content for Postman

  If you want to be fancy, add a script to the test part and assign the token to a local variable for use in other calls.

  pm.test(pm.info.requestName, () => {
  pm.response.to.not.be.error;
  pm.response.to.not.have.jsonBody('error');
  });
  pm.environment.set("<your variable>", pm.response.json().access_token);

  Use the token in the API-call (with Postman)

  Now that you have your token, you can use it in other calls.

• Simply click Authorization
• In the dropdown select Bearer Token and paste your token in the token-field to the right. If you used the fancy script, use the variable instead.

  

• Done!

What is this?

There are a lot of articles out there on how to setup an App Registration in Azure. Most of them contains a lot of useful information on why, rather than how.

This article is only about the how.

What you need to do

1. Log into Azure
2. Find the App Registration page.
3. Create the App registration
4. Create the App Secret
5. Where to find information you will probably need later.

The process

Login to Azure

Come on you know this. Why are you even reading this step?

Find the App Registration Page

The easiest way of doing this is to use the search field at the top of the page. Just type App Reg and it should pop up.

Select it.

Create the App Registration

On the start page for App Registration, click New Registration at the top left.

• Give it a useful name. Better than MyDemoApp
• Make sure the top radio button is selected.
• Leave the Redirect URI blank and click the Register Button

  

Create the App Secret

Remember to store the secret somewhere!!! When you have registered your app you will be forwarded to its starting page.

• In the menu to the left, select Certificates & secrets
• In the new page, click the New client secret button.
• Give it a description and expiration (I always use 1 year for test and dev keys) and click Add.

  

• Important! Take it slow!
• Copy the value of the key created. This is the only time it is shown.

  

• Store the key for later use.

Where to find information you will probably need later

When using this App to log in or authenticate you will use additional information, beside the Client Secret.

• Go to the start page for the App Registration and choose your App.
• In the start page of your app you will find everything you usually need
• Here you will find the Client ID (under Application (Client) ID) and
• Tenant ID, which you need to get a token.

  

The session

I am a co-admin of the Azure Meetup Stockholm group. We usually host sessions on anything Azure related at an office and usually in the evening. Due to the current situation, corona, we decided to move the sessions to YouTube. I did my first session this Monday (1st of June 2020).

The session is on how you can achieve full redundancy between different Azure data centers in the event of an outage, the challenges this poses and a proposed solution. It also contains a fair bit on more hard core computer science, trying to explain why it is impossible to reach 100%.

Session link.