Create a bearer token with managed identity using REST API for accessing Azure Media Services assets

nateClicks 66 Reputation points
2022-06-29T17:36:07.57+00:00

I am currently attempting to use the Azure Media Services rest api to access the assets. When attempting to make this request. I get an error letting me know that I need an authorization token in the header of my request.

How can I get/create that token using Managed Identity I have associated with that media service resource with the REST API?

The examples I have found focus on using a Service Principal and Azure Active Directory (which I am not using in this project)

Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
256 questions
Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,676 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jon Payne 1 Reputation point
    2022-06-29T18:18:11.307+00:00

    The Media Services ARM API can be accessed using a Managed Identity. For this to work, the Managed Identity must be granted access to the Media Services account.

    First you would need to get a token. The process to get tokens depends on the Managed Identity provider, here are some examples:

    When requesting tokens to call the Media Services ARM API, the resource should be set to https://management.azure.com/.

    Once you have a token, you can call the ARM API by specifying the token in the Authorization header, for example:

    https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/myrg/providers/Microsoft.Media/mediaservices/mymedia/assets?api-version=2021-11-01  
    Authorization: Bearer <token-goes-here>  
    
    No comments

  2. nateClicks 66 Reputation points
    2022-06-29T18:48:18.497+00:00

    The user-assigned managed identity I have was created as part of the process of setting up the media services account. In that case, what is the "Managed Identity provider" that you mention above? I don't have a VM or App Service for this (that I am aware of, at least)

    Through the portal UI, I have attempted to make sure that the managed identity has access to the media services account. However, that specific scope does not appear to be available(see image). For now, I have given it access to the subscription as a Contributor in hopes that will provide it access to the media services account. Will that work?

    216220-image.png