Azure rest api authentication

Question

I'm building an Android app that will access Azure REST API and read some data from azure monitoring. I'm having problem on the authentication process because not sure is it possible to use MSAL library to authenticate to access Azure REST API?

Answer 1

In your mentioned demo code that the resource is microsoft graph. If you want to use Azure service management API, we need to change the resource to https://management.azure.com. And we need to assign role to the registried Application.

I am not familiar with preview SDK, but we also could do that with following way to get the access token for Azure management API.

By default the V2 application is not displayed in the Azure portal. So we need to consent the permission. Then we could found it in the Azure portal.

https://login.microsoftonline.com/{tenantId}/adminconsent?
client_id={clientId}
&state=12345
&redirect_uri={redirectUrl}

Then use the admin account to approve the consent. After that we could find the V2 application in the Azure portal and assign the role to application.

From this document, we could know that the v2.0 endpoint does not support OAuth 2.0 Resource Owner Password Credentials Grant.

So we could use the authorization code follow to get the access token.

1. get the authorization_code

   https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize? client_id={clientId}&response_type=code &redirect_uri={redirect_uri} &response_mode=query &scope=https://management.azure.com/user_impersonation &state=12345

2. get access token

   https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token? scope=https://management.azure.com/.default &client_id={clientId} &grant_type=authorization_code &redirect_uri={redirectUri} &code =AQABAAIAAAC5una0EUFgTIF8ElaxtWjT6o1ePh...

Test Accesstoken