John9720 asked SaurabhSharma-msft answered

Get oauth token for Azure Key Vault


Following the tutorial below, I am trying to get an OAuth2 token to be able to use for access to Key Vault. The tutorial does not mention where to get the "local (URI) Managed Service Identity endpoint" for the OAuth2 token. I tried using the "OAuth 2.0 token endpoint (v2)" found in Azure AD, but I get a response "You must sign into your account". Is the token endpoint supposed to be different? If so, where is that found? If I am using the correct endpoint, then how do I solve this, because the whole purpose of using Key Vault is so that you don't have to store your credentials locally?

https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-windows-virtual-machine

     static string GetToken()
     {
         WebRequest request = WebRequest.Create("https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token");
         request.Headers.Add("Metadata", "true");
         WebResponse response = request.GetResponse();
         return ParseWebResponse(response, "access_token");
     }
azure-key-vault

1 Answer

SaurabhSharma-msft answered

@John9720 If you are trying to run this code from your local environment instead of an Azure VM (with managed identity enabled), then the .NET library Microsoft.Azure.Services.AppAuthentication fetches developer credentials to fetch the token and connect with Azure Key Vault. You do not need any "local Managed Service Identity" to connect with Azure Key Vault. This is different from running your code from an Azure VM to connect with Azure Key Vault. As mentioned in the documentation, when you run this code from an Azure VM, the code uses the VM service principal (which gets created when managed identity is enabled on the VM) to get the access token and connect with Azure Key Vault.


If you are facing issues while accessing the endpoint from your local machine, then can you please check if you have selected the correct account under Azure Service Authentication in your Visual Studio? Go to Visual Studio and Tools > Options.


Please refer to the documentation to know more.
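
For the Azure VM case described in the answer, the token is issued by the VM's Instance Metadata Service (IMDS), not by the Azure AD `login.microsoftonline.com` endpoint, which is why the `Metadata` header has no effect there. The sketch below is an added example, not code from the question, the answer or the tutorial; the vault name, secret name and Key Vault `api-version` are assumptions to replace with your own values.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class ManagedIdentityKeyVaultExample
{
    // IMDS token endpoint: a link-local address reachable only from inside an
    // Azure VM. The resource parameter asks for a token scoped to Key Vault.
    const string ImdsTokenUrl =
        "http://169.254.169.254/metadata/identity/oauth2/token" +
        "?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net";

    // Hypothetical vault and secret names (assumption): replace with your own.
    const string SecretUrl =
        "https://example-vault.vault.azure.net/secrets/example-secret?api-version=7.4";

    static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(5) };

    // Sends the request and returns one string field from the JSON response body.
    static async Task<string> GetJsonFieldAsync(HttpRequestMessage request, string field)
    {
        using var response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty(field).GetString();
    }

    static async Task Main()
    {
        try
        {
            using var tokenRequest = new HttpRequestMessage(HttpMethod.Get, ImdsTokenUrl);
            tokenRequest.Headers.Add("Metadata", "true"); // IMDS rejects requests without it
            string token = await GetJsonFieldAsync(tokenRequest, "access_token");

            using var secretRequest = new HttpRequestMessage(HttpMethod.Get, SecretUrl);
            secretRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            string secret = await GetJsonFieldAsync(secretRequest, "value");
            Console.WriteLine($"Secret retrieved ({secret.Length} characters).");
        }
        catch (Exception ex) when (ex is HttpRequestException || ex is TaskCanceledException)
        {
            // Outside an Azure VM with managed identity enabled, IMDS is unreachable.
            Console.Error.WriteLine("Token or secret request failed: " + ex.Message);
        }
    }
}
```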


