How to get a Microsoft Azure Authorization Token

OvidijusParsiunas
March 16, 2023
279 views
0 votes
2 Answers

The Microsoft Azure Cost Management Query site offers an interactive panel to test out its REST APIs on the browser. It all works just fine, however I can’t figure out how the website retrieves the prepopulated Authorization bearer token to allow me to replicate the call on my computer. Or more so – what do I need to do to retrieve this token?

What I have attempted:

I have been recommended to register a new app and use its credentials to generate a new token, however that token still appears to give me an error when using it in the request above (I tried to copy the token from the above example and the request works when I use it, so I know the problem is 100% on my token generation approach). How I got my token:

Retrieving the token endpoint url:

Using it along with the other credentials in Postman to retrieve the token:

Then using the resultant bearer token to create a new request (like the example in the browser) which yields the ERROR below (this does work if I copy the token from the example…):

Adding the body and header content for reference:

More attempts:

Based on @Heidi Tran suggestion, I have created a user_impersonation API permission, but unfortunately that did not change the result:

Based on @RithwikBojja suggestion, I have updated the token retrieval scope property to https://management.azure.com/.default. When I generate the token and use it in the original request (1st image), I now get the following error (It is worth noting that the token presented by the browser does work in Postman so the scope is valid and the problem is still the token retrieval):

I have also made sure that I have read access as well as owner access to my subscription (which yield the same error as above):

Answers

- HeidiTran
- March 16, 2023 at 3:44 am
- 0 votes
0
The token was obtained by using Azure Active Directory OAuth2 Flow. Specifically, it’s OAuth2 implicit flow with the authorization URL: https://login.microsoftonline.com/common/oauth2/authorize and "user_impersonation" scope (Source). This flow only requires user sign in to get an access token.

You can learn more about this flow here https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow

However, if you only want the token to test it out quickly on your computer, you can copy it from the Request Review window.

Click on the Copy button on the top left corner of the Request Review window like example photo here and paste it to a notepad

It would look something like this:
```
POST https://management.azure.com/%7Bscope%7D/providers/Microsoft.CostManagement/query?api-version=2022-10-01
Authorization: Bearer eyJ0eXAiOiJKV1QiL...
Content-type: application/json
```
where
```
Authorization: Bearer <access_token>
```
Copy everything after Bearer , that’s your access token. Then you make your http request using curl or JavaScript
Login or Signup to reply.

- RithwikBojja
- March 16, 2023 at 6:32 am
- 0 votes
0
I have reproduced in my environment and got expected results as below:

As @Skin commented you need to create Azure AD App registration and use its client Id and secret for generating access token.

Firstly you need to create one Azure AD App registration as below:

Now in Postman:
```
POST https://login.microsoftonline.com/72f9b47/oauth2/v2.0/token
grant_type: client_credentials  
client_id: {clientid}  
client_secret: {clientsecret}  
scope: https://management.azure.com/.default
```
Here I got Post url(token endpoint url) from below:

In postman I have got bearer token as below:

Now use the above access token and run to get the details you want:
```
POST https://management.azure.com/subscriptions/Subid/providers/Microsoft.CostManagement/query?api-version=2022-10-01
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.