Azure - Authentication
About
Auth in Azure
For a given tenant (domain), you need to get a token to use as credentials.
Access
Your app can access resources in a couple of ways:
- User + app access: for apps that access resources on behalf of a signed-in user. This approach works for apps, such as web apps and command-line tools, that deal with only “interactive management” of Azure resources.
- App-only access: for apps that run daemon services and scheduled jobs. The app's identity is granted direct access to the resources. This approach works for apps that need long-term headless (unattended) access to Azure.
- Getting a token with a user name and password seems to be deprecated.
Scenario
See Application Types and Scenarios
These are the five primary application scenarios supported by Azure AD:
- Web browser to web application: A user needs to sign in to a web application that is secured by Azure AD.
- Single Page Application (SPA): A user needs to sign in to a single page application that is secured by Azure AD.
- Native application to web API: A native application that runs on a phone, tablet, or PC needs to authenticate a user to get resources from a web API that is secured by Azure AD. See sample
- Web application to web API: A web application needs to get resources from a web API secured by Azure AD.
- Daemon or server application to web API: A daemon application or a server application with no web user interface needs to get resources from a web API secured by Azure AD.
Property
Mandatory data:
- tenant ID (tenantID): an ID that represents the active directory.
- application ID, previously known as client ID (clientID): the service principal client (Example: 04b07795-8ddb-461a-bbee-02f9e1bf7b46)
- authentication key (authKey or client_secret): the secret associated with the client_id
Others:
- username : active directory user
- password : sign-in password
- authority_host_uri = 'https://login.microsoftonline.com'
- authority_full (or context) : authority_host_uri + '/' + tenant_id
- resource : resource for auth (e.g., https://datalake.azure.net/)
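The properties above, assembled into an app-only token request, as an added example that is not from the original page. It assumes the Azure AD v1 OAuth 2.0 client-credentials request (`/oauth2/token` with `grant_type`, `client_id`, `client_secret` and `resource` form fields); the function names and all sample values are hypothetical, and nothing is sent over the network.

```python
import json
import re
import urllib.parse
import urllib.request

AUTHORITY_HOST_URI = "https://login.microsoftonline.com"
# A tenant is a GUID or a domain name; anything else could alter the URL path.
_TENANT_RE = re.compile(r"[0-9a-fA-F-]{36}|[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def build_token_request(tenant_id, client_id, client_secret, resource):
    """Return an unsent Request for the app-only (client credentials) flow."""
    if not _TENANT_RE.fullmatch(tenant_id):
        raise ValueError("tenant_id must be a GUID or a domain name")
    if not resource.startswith("https://"):
        raise ValueError("resource must be an https URI")
    authority_full = AUTHORITY_HOST_URI + "/" + tenant_id
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # POST body only, never the URL
        "resource": resource,
    }).encode("ascii")
    return urllib.request.Request(authority_full + "/oauth2/token",
                                  data=body, method="POST")


def parse_token_response(raw_json, expected_resource):
    """Validate a token response before use; return the access token."""
    doc = json.loads(raw_json)
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if doc.get("resource") != expected_resource:
        raise ValueError("token was issued for a different resource")
    return doc["access_token"]


def redact(request):
    """Return the form body with the secret masked, safe to log."""
    fields = urllib.parse.parse_qs(request.data.decode("ascii"))
    fields["client_secret"] = ["***"]
    return urllib.parse.urlencode(fields, doseq=True)


if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers or secrets.
    req = build_token_request("00000000-0000-0000-0000-000000000000",
                              "11111111-1111-1111-1111-111111111111",
                              "example-secret", "https://datalake.azure.net/")
    print(req.full_url, redact(req), sep="\n")
```

In a real deployment the secret would come from a secret store or environment variable rather than source code, and only the redacted form of the request would ever reach a log.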
Documentation / Reference
- https://docs.microsoft.com/en-us/azure/active-directory/ - doc reference