About
Process
End-user authentication with Data Lake Store using REST API.
- ADLS resources are accessed with the same level of access as the logged-in user.
- The user needs to provide their credentials periodically in order for your application to maintain access.
The authentication process returns two tokens:
- an access token (attached to each REST request, valid for one hour by default)
- and a refresh token (to obtain a new access token, valid for up to two weeks by default)
Steps
Register the app
Azure Authentication - Application (Client Id) - Service Principal
Get an authorization code
To get the authorization code, the web browser (or an embedded web browser control) navigates to one of two endpoints:
- a tenant-specific endpoint for a single-tenant app
- or common (tenant-independent) endpoint for multi-tenant apps. See Additional considerations when developing single tenant or multi-tenant apps
https://login.microsoftonline.com/common/oauth2/authorize
# or
https://login.microsoftonline.com/<tenant id>/oauth2/authorize
Request:
https://login.microsoftonline.com/<TENANT-ID>/oauth2/authorize?client_id=<APPLICATION-ID>&response_type=code&redirect_uri=<REDIRECT-URI>
Response:
http://localhost/?code=<AUTHORIZATION-CODE>&session_state=<GUID>
Get the tokens
Request:
curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
-F redirect_uri=<REDIRECT-URI> \
-F grant_type=authorization_code \
-F resource=https://management.core.windows.net/ \
-F client_id=<APPLICATION-ID> \
-F code=<AUTHORIZATION-CODE>
Response: JSON with access token and refresh token:
{"token_type":"Bearer","scope":"user_impersonation","expires_in":"3599","expires_on":"1461865782","not_before": "1461861882","resource":"https://management.core.windows.net/","access_token":"<REDACTED>","refresh_token":"<REDACTED>","id_token":"<REDACTED>"}
Request a new access token from the refresh token
curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
-F grant_type=refresh_token \
-F resource=https://management.core.windows.net/ \
-F client_id=<APPLICATION-ID> \
-F refresh_token=<REFRESH-TOKEN>
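
Added example, not from the original page: client-side handling around the three requests above, using only the Python standard library. The state parameter does not appear on this page; it is a standard OAuth 2.0 authorization request parameter, used here to tie the redirect to the request that started it. The function names and all sample values are constructed for illustration.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"
RESOURCE = "https://management.core.windows.net/"

def authorize_url(tenant, client_id, redirect_uri, state):
    """URL the browser navigates to in 'Get an authorization code'."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?{query}"

def code_from_redirect(redirect_url, expected_state):
    """Return the code from the redirect, rejecting errors and foreign state."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]

def needs_refresh(token_response, now=None, skew=300):
    """True when the access token expires within `skew` seconds.
    expires_on arrives as a string of epoch seconds, so convert it."""
    now = time.time() if now is None else now
    return int(token_response["expires_on"]) - skew <= now

def refresh_form(client_id, refresh_token):
    """Form fields for 'Request a new access token from the refresh token'."""
    return {"grant_type": "refresh_token", "resource": RESOURCE,
            "client_id": client_id, "refresh_token": refresh_token}

if __name__ == "__main__":
    # Constructed sample values; nothing here contacts Azure AD.
    state = secrets.token_urlsafe(16)
    print(authorize_url("common", "sample-app-id", "http://localhost/", state))
    redirect = f"http://localhost/?code=SAMPLE-CODE&session_state=SAMPLE-GUID&state={state}"
    print(code_from_redirect(redirect, state))
    tokens = {"expires_in": "3599", "expires_on": "1461865782",
              "refresh_token": "SAMPLE-REFRESH"}
    print(needs_refresh(tokens, now=1461865600))
    print(refresh_form("sample-app-id", tokens["refresh_token"]))
```

Keep the refresh token out of logs and store it with the same care as a password, since it stays usable for up to two weeks by default.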