Azure Authentication - End User

Register the app

Azure Authentication - Application (Client Id) - Service Principal

Get an authorization code

To get the authorization code, the web browser (or an embedded web browser control) navigates to a:

• tenant-specific for a single tenant
• or common (tenant-independent) endpoint for multi-tenant apps. See Additional considerations when developing single tenant or multi-tenant apps

https://login.microsoftonline.com/common/oauth2/authorize
# or
https://login.microsoftonline.com/<tenant id>/oauth2/authorize

Request Ref:

https://login.microsoftonline.com/<TENANT-ID>/oauth2/authorize?client_id=<APPLICATION-ID>&response_type=code&redirect_uri=<REDIRECT-URI>

Response:

http://localhost/?code=<AUTHORIZATION-CODE>&session_state=<GUID>

Get the tokens

Request:

curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
 -F redirect_uri=<REDIRECT-URI> \
 -F grant_type=authorization_code \
 -F resource=https://management.core.windows.net/ \
 -F client_id=<APPLICATION-ID> \
 -F code=<AUTHORIZATION-CODE>

Response: JSON with access token and refresh token:

{"token_type":"Bearer","scope":"user_impersonation","expires_in":"3599","expires_on":"1461865782","not_before":    "1461861882","resource":"https://management.core.windows.net/","access_token":"<REDACTED>","refresh_token":"<REDACTED>","id_token":"<REDACTED>"}

Request a new access token from the refresh token

 curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token  \
      -F grant_type=refresh_token \
      -F resource=https://management.core.windows.net/ \
      -F client_id=<APPLICATION-ID> \
      -F refresh_token=<REFRESH-TOKEN>