Azure Authentication - End User

Card Puncher Data Processing


Azure - Authentication


End-user authentication with Data Lake Store using REST API.

  • ADLS resources are accessed with the same level of access as the logged-in user.
  • The user needs to provide their credentials periodically in order for your application to maintain access.

Authentication process gets two token:

  • an access token (attached to each rest request, valid for one hour by default)
  • and a refresh token (to obtain a new access token, valid for up to two weeks by default)


Register the app

Azure Authentication - Application (Client Id) - Service Principal

Azure App Registration Native

Get an authorization code

To get the authorization code, the web browser (or an embedded web browser control) navigates to a:
# or<tenant id>/oauth2/authorize

Request Ref:<TENANT-ID>/oauth2/authorize?client_id=<APPLICATION-ID>&response_type=code&redirect_uri=<REDIRECT-URI>



Get the tokens


curl -X POST<TENANT-ID>/oauth2/token \
 -F redirect_uri=<REDIRECT-URI> \
 -F grant_type=authorization_code \
 -F resource= \
 -F client_id=<APPLICATION-ID> \

Response: JSON with access token and refresh token:

{"token_type":"Bearer","scope":"user_impersonation","expires_in":"3599","expires_on":"1461865782","not_before":    "1461861882","resource":"","access_token":"<REDACTED>","refresh_token":"<REDACTED>","id_token":"<REDACTED>"}

Request a new access token from the refresh token

 curl -X POST<TENANT-ID>/oauth2/token  \
      -F grant_type=refresh_token \
      -F resource= \
      -F client_id=<APPLICATION-ID> \
      -F refresh_token=<REFRESH-TOKEN>

Discover More
Card Puncher Data Processing
Azure - Authentication

in Azure For a given tenant (domain), you needs to get a token as credentials. Your app can access Resource in couple of ways: User + app access: for apps that access resources on behalf of a...
Card Puncher Data Processing
Azure Data Lake - Rest

All REST calls to Data Lake Store must include an authorization token as part of the message header. Authentication...

Share this page:
Follow us:
Task Runner