Securely access ADLS from Kubernetes

Swetank Gupta 1 Reputation point
2021-08-18T10:07:06.537+00:00

I want to securely access ADLS Gen2 from my Java applications deployed in a Kubernetes cluster. Is there a way I can do it without providing an access token, so that Azure AD can handle the security out of the box for me, probably with managed identity / OAuth / something else?
Also, I am using the client credentials flow to get an access token for the same. Would I be able to use a refresh token to generate a new access token?


1 answer

  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2021-08-20T20:37:55.593+00:00

    Hello @Swetank Gupta ,

    ADLS Gen2 is essentially a storage account with specific settings enabled. In general, a VM can be used to access a storage account using managed identity. As you do not want to request an access token within your application, which would only be possible if you create a service principal in Active Directory and use that in your application to call the ADLS Gen2 instance, the only way left for you would be to use a managed identity to authenticate the pods themselves with other services. This is possible if you are using Azure Kubernetes Service and is mentioned in the article https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-identity . You would have to set up AKS to use Azure AD. If you are running your own Kubernetes instance on Azure VMs, then you can probably try to see if the Kubernetes pods are able to use the host Linux VM's managed identity. I am not sure if it works or not as I have not done anything like this before.

    Coming to your next question about the client credentials OAuth flow. If you are using the client credentials flow, you won't get an access token/refresh token pair as you normally do when you use the authorization code grant flow. In the case of the client credentials flow, one has to handle this within their code. Once you get the token, you need to save the expiry timestamp, which will be 60 minutes from when it was generated. If you are running any operation like accessing data from an endpoint, you would have to periodically check whether you are going to reach that time or not and accordingly request a new token again using the same flow.

    Hope the information helps. If you have any further queries, feel free to let us know and we will be happy to help. If the information in this post was useful, please do accept the post as the answer, which will help other members of the community. I have added a few links; please take some time to go through them and I am sure you will be able to get more clarity on this. As I am not a developer, I have limited experience with app configuration technologies; however, if there is something which you are not sure of, feel free to ask and I will try to get more help internally to clarify your queries. It may take a little time but we will be happy to help.

    Thank you.

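An added example (not from the question, the answer, or Microsoft) showing both points above in Java with the Azure SDK: a DataLakeServiceClient built on DefaultAzureCredential, so the pod authenticates with whatever identity the cluster provides (workload or managed identity) or, for local runs, with client-credentials environment variables, plus a small expiry-checking token cache for the case where you call the ADLS REST endpoint yourself instead of through the SDK. The account URL, container name and the five-minute renewal margin are assumptions.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.file.datalake.DataLakeFileSystemClient;
import com.azure.storage.file.datalake.DataLakeServiceClient;
import com.azure.storage.file.datalake.DataLakeServiceClientBuilder;

import java.time.Duration;
import java.time.OffsetDateTime;

public class AdlsAccess {
    // Assumed placeholders: replace with your own storage account and container.
    private static final String ACCOUNT_URL = "https://<storage-account>.dfs.core.windows.net";
    private static final String FILE_SYSTEM = "<container>";
    private static final String STORAGE_SCOPE = "https://storage.azure.com/.default";

    // DefaultAzureCredential tries environment variables (AZURE_CLIENT_ID/AZURE_TENANT_ID/
    // AZURE_CLIENT_SECRET, i.e. client credentials), then workload identity, then managed
    // identity, then developer tools. No secret or token is embedded in the application.
    private static final TokenCredential CREDENTIAL = new DefaultAzureCredentialBuilder().build();

    // SDK clients acquire, cache and renew bearer tokens on their own; nothing else to manage.
    public static DataLakeServiceClient serviceClient() {
        return new DataLakeServiceClientBuilder()
                .endpoint(ACCOUNT_URL)
                .credential(CREDENTIAL)
                .buildClient();
    }

    // Only needed when calling the REST API directly: keep the token and its expiry, and
    // request a fresh one with the same flow shortly before the expiry is reached.
    private static AccessToken cached;
    private static final Duration RENEW_MARGIN = Duration.ofMinutes(5); // assumed margin

    public static synchronized String bearerToken() {
        OffsetDateTime deadline = OffsetDateTime.now().plus(RENEW_MARGIN);
        if (cached == null || cached.getExpiresAt().isBefore(deadline)) {
            cached = CREDENTIAL.getToken(new TokenRequestContext().addScopes(STORAGE_SCOPE)).block();
        }
        return cached.getToken();
    }

    public static void main(String[] args) {
        DataLakeFileSystemClient fs = serviceClient().getFileSystemClient(FILE_SYSTEM);
        fs.listPaths().forEach(p -> System.out.println(p.getName()));
    }
}
```

The identity used must hold a data-plane role such as Storage Blob Data Reader on the account; an Owner or Contributor role alone does not grant access to the data.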