Azure Authentication - End User



End-user authentication with Data Lake Store using REST API.

  • ADLS resources are accessed with the same level of access as the logged-in user.
  • The user needs to provide their credentials periodically in order for your application to maintain access.

The authentication process returns two tokens:

  • an access token (attached to each REST request, valid for one hour by default)
  • and a refresh token (to obtain a new access token, valid for up to two weeks by default)


Register the app

Get an authorization code

To get the authorization code, the web browser (or an embedded web browser control) navigates to a:
# or<tenant id>/oauth2/authorize

Request Ref:<TENANT-ID>/oauth2/authorize?client_id=<APPLICATION-ID>&response_type=code&redirect_uri=<REDIRECT-URI>



Get the tokens


curl -X POST <TENANT-ID>/oauth2/token \
 -F redirect_uri=<REDIRECT-URI> \
 -F grant_type=authorization_code \
 -F resource= \
 -F client_id=<APPLICATION-ID> \
 -F code=<AUTHORIZATION-CODE>

Response: JSON with access token and refresh token:

{"token_type":"Bearer","scope":"user_impersonation","expires_in":"3599","expires_on":"1461865782","not_before":"1461861882","resource":"","access_token":"<REDACTED>","refresh_token":"<REDACTED>","id_token":"<REDACTED>"}

Request a new access token from the refresh token

 curl -X POST <TENANT-ID>/oauth2/token \
      -F grant_type=refresh_token \
      -F resource= \
      -F client_id=<APPLICATION-ID> \
      -F refresh_token=<REFRESH-TOKEN>
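
An added example, not code from the original page: a Python helper for handling the token response shown above. It converts the string-typed expiry fields, decides when to switch to the refresh token, builds the refresh form fields used in the curl call, and keeps token values out of logs. The class name, the five-minute refresh margin and the sample values are assumptions.

```python
import json
import time

# Constructed sample shaped like the token response on this page; token values are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer", "scope": "user_impersonation",
    "expires_in": "3599", "expires_on": "1461865782", "not_before": "1461861882",
    "resource": "", "access_token": "<REDACTED>", "refresh_token": "<REDACTED>",
    "id_token": "<REDACTED>",
})
REFRESH_MARGIN = 300  # assumption: refresh five minutes before the access token expires


class TokenSet:
    """Tokens from one /oauth2/token response (hypothetical helper class)."""

    def __init__(self, raw_json):
        data = json.loads(raw_json)
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        for field in ("access_token", "refresh_token", "expires_on"):
            if not data.get(field):
                raise ValueError("missing field: " + field)
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        # The response carries numeric fields as strings; convert them explicitly.
        self.expires_on = int(data["expires_on"])
        self.not_before = int(data.get("not_before", 0))

    def needs_refresh(self, now=None):
        # True once we are inside the safety margin before expiry.
        now = time.time() if now is None else now
        return now >= self.expires_on - REFRESH_MARGIN

    def auth_header(self, now=None):
        now = time.time() if now is None else now
        if now < self.not_before or now >= self.expires_on:
            raise RuntimeError("access token is not valid at this time")
        return {"Authorization": "Bearer " + self.access_token}

    def refresh_form(self, client_id, resource):
        """Form fields for the refresh_token grant, matching the curl call above."""
        return {"grant_type": "refresh_token", "resource": resource,
                "client_id": client_id, "refresh_token": self.refresh_token}

    def __repr__(self):
        # Never expose token values in logs or tracebacks.
        return "TokenSet(expires_on=%d, tokens=<hidden>)" % self.expires_on
```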
