Get oauth token for Azure Key Vault

Anonymous
2020-06-16T21:27:19.317+00:00

Following the tutorial below, I am trying to get an oauth2 token to be able to use for access to Key Vault. The tutorial does not mention where to get the "local (URI) Managed Service Identity endpoint" for the oauth2 token. I tried using the "OAuth 2.0 token endpoint (v2)" found in Azure AD, but I get a response "You must sign into your account". Is the token endpoint supposed to be different? if so where is that found? If I am using the correct endpoint, then how to solve this because the whole purpose of using Key Vault is so that you don't have to store your credentials locally

https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-windows-virtual-machine

    static string GetToken()  
    {  
        WebRequest request = WebRequest.Create("https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token");  
        request.Headers.Add("Metadata", "true");  
        WebResponse response = request.GetResponse();  
        return ParseWebResponse(response, "access_token");  
    }  
Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,181 questions
0 comments No comments
{count} votes

Accepted answer
  1. Saurabh Sharma 23,791 Reputation points Microsoft Employee
    2020-06-17T01:26:43.35+00:00

    @John9720 If you are trying to run this code from your local environment instead of an Azure VM (with managed identity enabled) then the .net library Microsoft.Azure.Services.AppAuthentication fetches developer credentials to fetch the token and connect with Azure Key Vault. You do not need any "local Managed Service Identity" to connect with Azure Key Vault. This is different than running your code from a Azure VM connect with Azure Key Vault. As mentioned in the documentation, when you run this code from Azure VM, the code uses the VM service principal (which gets created when managed identity is enabled on the VM) to get the access token and connect with Azure Key Vault.

    If you are facing issues while accessing the endpoint from your local machine then can you please check if you have selected the correct Account under Azure Service Authentication in your Visual Studio. Go to Visual Studio and Tools > Options. 10243-visualstudioauthentication.png

    Please refer to the documentation to know more.

    0 comments No comments

0 additional answers

Sort by: Most helpful