Azure Authentication - End User
About
Process
End-user authentication with Data Lake Store using REST API.
- ADLS resources are accessed with the same level of access as the logged-in user.
- The user needs to provide their credentials periodically in order for your application to maintain access.
The authentication process returns two tokens:
- an access token (attached to each REST request, valid for one hour by default)
- and a refresh token (used to obtain a new access token, valid for up to two weeks by default)
Steps
Register the app
Get an authorization code
To get the authorization code, the web browser (or an embedded web browser control) navigates to one of two authorize endpoints:
- a tenant-specific endpoint for a single-tenant app
- or the common (tenant-independent) endpoint for multi-tenant apps. See Additional considerations when developing single tenant or multi-tenant apps
https://login.microsoftonline.com/common/oauth2/authorize
# or
https://login.microsoftonline.com/<tenant id>/oauth2/authorize
Request Ref:
https://login.microsoftonline.com/<TENANT-ID>/oauth2/authorize?client_id=<APPLICATION-ID>&response_type=code&redirect_uri=<REDIRECT-URI>
Response:
http://localhost/?code=<AUTHORIZATION-CODE>&session_state=<GUID>
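The request above carries no `state` value, so the application cannot tell whether a redirect belongs to the login it started. The following added example (not from the original page) builds the same authorize URL with a random `state`, a standard OAuth 2.0 authorize parameter, and validates the redirect before accepting the code; function names and sample values are assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"


def build_authorize_url(tenant, client_id, redirect_uri):
    """Return (url, state); keep state in the user's session until the redirect."""
    state = secrets.token_urlsafe(32)  # unguessable, bound to this login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?{query}", state


def extract_code(redirect_url, registered_redirect_uri, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    got, want = urlsplit(redirect_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path or "/") != (want.scheme, want.netloc, want.path or "/"):
        raise ValueError("redirect arrived on an unexpected URI")
    params = parse_qs(got.query)
    if "error" in params:  # e.g. the user declined consent
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not expected_state or not secrets.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    url, state = build_authorize_url("TENANT-ID", "APPLICATION-ID", "http://localhost/")
    print(url)
    redirect = f"http://localhost/?code=CONSTRUCTED-CODE&state={state}&session_state=x"
    print(extract_code(redirect, "http://localhost/", state))
```

Only a code returned by `extract_code` should be passed on to the token request in the next step.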
Get the tokens
Request:
curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
-F redirect_uri=<REDIRECT-URI> \
-F grant_type=authorization_code \
-F resource=https://management.core.windows.net/ \
-F client_id=<APPLICATION-ID> \
-F code=<AUTHORIZATION-CODE>
Response: JSON with access token and refresh token:
{"token_type":"Bearer","scope":"user_impersonation","expires_in":"3599","expires_on":"1461865782","not_before": "1461861882","resource":"https://management.core.windows.net/","access_token":"<REDACTED>","refresh_token":"<REDACTED>","id_token":"<REDACTED>"}
Request a new access token from the refresh token
curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
-F grant_type=refresh_token \
-F resource=https://management.core.windows.net/ \
-F client_id=<APPLICATION-ID> \
-F refresh_token=<REFRESH-TOKEN>