Quickstart: Authenticate using Microsoft Entra ID
Get started with Azure Communication Services by using Microsoft Entra ID. The Communication Services Identity and SMS SDKs support Microsoft Entra authentication.
This quickstart shows you how to authorize access to the Identity and SMS SDKs from an Azure environment that supports Active Directory. It also describes how to test your code in a development environment by creating a service principal for your work.
Prerequisites
- An Azure account with an active subscription. Create an account for free
- An active Azure Communication Services resource, see create a Communication Services resource if you do not have one.
- To send an SMS you will need a Phone Number.
- A setup Service Principal for a development environment, see Authorize access with service principal
Additional Prerequisites
- Azure CLI. Installation guide
Setting Up
When using Active Directory for other Azure Resources, you should be using Managed identities. To learn how to enable managed identities for Azure Resources, see one of these articles:
- Azure portal
- Azure PowerShell
- Azure CLI
- Azure Resource Manager template
- Azure Resource Manager SDKs
- App services
Authenticate a registered application in the development environment
If your development environment doesn't support single sign-on or login via a web browser, then you can use a registered application to authenticate from the development environment.
Creating a Microsoft Entra registered Application
To create a registered application from the Azure CLI, you need to be logged in to the Azure account where you want the operations to take place. To do this, you can use the az login command and enter your credentials in the browser. Once you're logged in to your Azure account from the CLI, we can call the az ad sp create-for-rbac command to create the registered application and service principal.
The following example uses the Azure CLI to create a new registered application:
az ad sp create-for-rbac --name <application-name> --role Contributor --scopes /subscriptions/<subscription-id>
The az ad sp create-for-rbac command will return a list of service principal properties in JSON format. Copy these values so that you can use them to create the necessary environment variables in the next step.
{
"appId": "generated-app-ID",
"displayName": "service-principal-name",
"name": "http://service-principal-uri",
"password": "generated-password",
"tenant": "tenant-ID"
}
Important
Azure role assignments may take a few minutes to propagate.
Set environment variables
The Azure Identity SDK reads values from three environment variables at runtime to authenticate the application. The following table describes the value to set for each environment variable.
| Environment variable | Value |
|---|---|
AZURE_CLIENT_ID |
appId value from the generated JSON |
AZURE_TENANT_ID |
tenant value from the generated JSON |
AZURE_CLIENT_SECRET |
password value from the generated JSON |
Important
After you set the environment variables, close and re-open your console window. If you're using Visual Studio or another development environment, you may need to restart it in order for it to register the new environment variables.
Once these variables have been set, you should be able to use the DefaultAzureCredential object in your code to authenticate to the service client of your choice.
Note
Find the finalized code for this quickstart on GitHub
Setting up
Create a new C# application
In a console window (such as cmd, PowerShell, or Bash), use the dotnet new command to create a new console app with the name ActiveDirectoryQuickstart. This command creates a simple "Hello World" C# project with a single source file: Program.cs.
dotnet new console -o ActiveDirectoryAuthenticationQuickstart
Change your directory to the newly created app folder and use the dotnet build command to compile your application.
cd ActiveDirectoryAuthenticationQuickstart
dotnet build
Install the SDK packages
dotnet add package Azure.Communication.Identity
dotnet add package Azure.Communication.Sms
dotnet add package Azure.Identity
Use the SDK packages
Add the following using directives to Program.cs to use the Azure Identity and Azure Storage SDKs.
using Azure.Identity;
using Azure.Communication.Identity;
using Azure.Communication.Sms;
using Azure.Core;
using Azure;
Create a DefaultAzureCredential
We'll be using the DefaultAzureCredential for this quickstart. This credential is suitable for production and development environments. As it is needed for each operation let's create it within the Program.cs class. Add the following to the top of the file.
private DefaultAzureCredential credential = new DefaultAzureCredential();
Issue a token with service principals
Now we'll add code which uses the created credential, to issue a VoIP Access Token. We'll call this code later on.
public AccessToken CreateIdentityAndGetTokenAsync(Uri resourceEndpoint)
{
var client = new CommunicationIdentityClient(resourceEndpoint, this.credential);
var result = client.CreateUserAndToken(scopes: new[] { CommunicationTokenScope.VoIP });
var (user, token) = response.Value;
return token;
}
Send an SMS with service principals
As another example of using service principals, we'll add this code which uses the same credential to send an SMS:
public SmsSendResult SendSms(Uri resourceEndpoint, string from, string to, string message)
{
SmsClient smsClient = new SmsClient(resourceEndpoint, this.credential);
SmsSendResult sendResult = smsClient.Send(
from: from,
to: to,
message: message,
new SmsSendOptions(enableDeliveryReport: true) // optional
);
return sendResult;
}
Write the Main method
Your Program.cs should already have a Main method, let's add some code which will call our previously created code to demonstrate the use of service principals:
static void Main(string[] args)
{
// You can find your endpoint and access key from your resource in the Azure portal
// e.g. "https://<RESOURCE_NAME>.communication.azure.com";
Uri endpoint = new("https://<RESOURCENAME>.communication.azure.com/");
// We need an instance of the program class to use within this method.
Program instance = new();
Console.WriteLine("Retrieving new Access Token, using Service Principals");
AccessToken response = instance.CreateIdentityAndGetTokenAsync(endpoint);
Console.WriteLine($"Retrieved Access Token: {response.Token}");
Console.WriteLine("Sending SMS using Service Principals");
// You will need a phone number from your resource to send an SMS.
SmsSendResult result = instance.SendSms(endpoint, "<Your Azure Communication Services Phone Number>", "<The Phone Number you'd like to send the SMS to.>", "Hello from using Service Principals");
Console.WriteLine($"Sms id: {result.MessageId}");
Console.WriteLine($"Send Result Successful: {result.Successful}");
}
Your final Program.cs file should look like this:
class Program
{
private DefaultAzureCredential credential = new DefaultAzureCredential();
static void Main(string[] args)
{
// You can find your endpoint and access key from your resource in the Azure portal
// e.g. "https://<RESOURCE_NAME>.communication.azure.com";
Uri endpoint = new("https://acstestingrifox.communication.azure.com/");
// We need an instance of the program class to use within this method.
Program instance = new();
Console.WriteLine("Retrieving new Access Token, using Service Principals");
AccessToken response = instance.CreateIdentityAndGetTokenAsync(endpoint);
Console.WriteLine($"Retrieved Access Token: {response.Token}");
Console.WriteLine("Sending SMS using Service Principals");
// You will need a phone number from your resource to send an SMS.
SmsSendResult result = instance.SendSms(endpoint, "<Your Azure Communication Services Phone Number>", "<The Phone Number you'd like to send the SMS to.>", "Hello from Service Principals");
Console.WriteLine($"Sms id: {result.MessageId}");
Console.WriteLine($"Send Result Successful: {result.Successful}");
}
public AccessToken CreateIdentityAndGetTokenAsync(Uri resourceEndpoint)
{
var client = new CommunicationIdentityClient(resourceEndpoint, this.credential);
var result = client.CreateUserAndToken(scopes: new[] { CommunicationTokenScope.VoIP });
var (user, token) = response.Value;
return token;
}
public SmsSendResult SendSms(Uri resourceEndpoint, string from, string to, string message)
{
SmsClient smsClient = new SmsClient(resourceEndpoint, this.credential);
SmsSendResult sendResult = smsClient.Send(
from: from,
to: to,
message: message,
new SmsSendOptions(enableDeliveryReport: true) // optional
);
return sendResult;
}
}
Run the program
You should now be able to run your application, using dotnet run from your application folder. The output should resemble the following:
Retrieving new Access Token, using Service Principals
Retrieved Access Token: ey....
Sending SMS using Service Principals
Sms id: Outgoing_..._noam
Send Result Successful: True
Note
Find the finalized code for this quickstart on GitHub
Setting up
Create a new Node.js application
Open your terminal or command window create a new directory for your app, and navigate to it.
mkdir active-directory-authentication-quickstart && cd active-directory-authentication-quickstart
Run npm init -y to create a package.json file with default settings.
npm init -y
Install the SDK packages
npm install @azure/communication-identity
npm install @azure/communication-common
npm install @azure/communication-sms
npm install @azure/identity
Create a new file
Open a new file with a text editor and save it as index.js, we'll be placing our code inside this file.
Use the SDK packages
Add the following require directives to the top of index.js to use the Azure Identity and Azure Storage SDKs.
const { DefaultAzureCredential } = require("@azure/identity");
const { CommunicationIdentityClient, CommunicationUserToken } = require("@azure/communication-identity");
const { SmsClient, SmsSendRequest } = require("@azure/communication-sms");
Create a DefaultAzureCredential
We'll be using the DefaultAzureCredential for this quickstart. This credential is suitable for production and development environments. As it is needed for each operation let's create it within the top of our index.js file.
const credential = new DefaultAzureCredential();
Create an identity and issue a token with service principals
Next, we'll write a function which creates a new identity and issues a token for this identity, we'll use this later to test our service principal setup.
async function createIdentityAndIssueToken(resourceEndpoint) {
const client = new CommunicationIdentityClient(resourceEndpoint, credential);
return await client.createUserAndToken(["chat"]);
}
Send an SMS with service principals
Now, lets write a function which uses service principals to send an SMS:
async function sendSms(resourceEndpoint, fromNumber, toNumber, message) {
const smsClient = new SmsClient(resourceEndpoint, credential);
const sendRequest = {
from: fromNumber,
to: [toNumber],
message: message
};
return await smsClient.send(
sendRequest,
{} //Optional SendOptions
);
}
Write the main function
With our functions created we can now write a main function to call them and demonstrate the use of Service Principals:
async function main() {
// You can find your endpoint and access key from your resource in the Azure portal
// e.g. "https://<RESOURCE_NAME>.communication.azure.com";
const endpoint = "https://<RESOURCE_NAME>.communication.azure.com/"
console.log("Retrieving new Access Token, using Service Principals");
const result = await createIdentityAndIssueToken(endpoint);
console.log(`Retrieved Access Token: ${result.token}`);
console.log("Sending SMS using Service Principals");
// You will need a phone number from your resource to send an SMS.
const smsResult = await sendSms(endpoint, "<FROM NUMBER>", "<TO NUMBER>", "Hello from Service Principals");
console.log(`SMS ID: ${smsResult[0].messageId}`);
console.log(`Send Result Successful: ${smsResult[0].successful}`);
}
main();
The final index.js file should look like this:
const { DefaultAzureCredential } = require("@azure/identity");
const { CommunicationIdentityClient, CommunicationUserToken } = require("@azure/communication-identity");
const { SmsClient, SmsSendRequest } = require("@azure/communication-sms");
const credential = new DefaultAzureCredential();
async function createIdentityAndIssueToken(resourceEndpoint) {
const client = new CommunicationIdentityClient(resourceEndpoint, credential);
return await client.createUserAndToken(["chat"]);
}
async function sendSms(resourceEndpoint, fromNumber, toNumber, message) {
const smsClient = new SmsClient(resourceEndpoint, credential);
const sendRequest = {
from: fromNumber,
to: [toNumber],
message: message
};
return await smsClient.send(
sendRequest,
{} //Optional SendOptions
);
}
async function main() {
// You can find your endpoint and access key from your resource in the Azure portal
// e.g. "https://<RESOURCE_NAME>.communication.azure.com";
const endpoint = "https://<RESOURCE_NAME>.communication.azure.com/"
console.log("Retrieving new Access Token, using Service Principals");
const result = await createIdentityAndIssueToken(endpoint);
console.log(`Retrieved Access Token: ${result.token}`);
console.log("Sending SMS using Service Principals");
// You will need a phone number from your resource to send an SMS.
const smsResult = await sendSms(endpoint, "<FROM NUMBER>", "<TO NUMBER>", "Hello from Service Principals");
console.log(`SMS ID: ${smsResult[0].messageId}`);
console.log(`Send Result Successful: ${smsResult[0].successful}`);
}
main();
Run the program
With everything complete, you can run the file by entering node index.js from your project's directory. If everything went well you should see something similar to the following.
$ node index.js
Retrieving new Access Token, using Service Principals
Retrieved Access Token: ey...Q
Sending SMS using Service Principals
SMS ID: Outgoing_2021040602194...._noam
Send Result Successful: true
Additional prerequisites for Java
For Java, you'll also need:
- Java Development Kit (JDK) version 8 or above.
- Apache Maven.
Note
Find the finalized code for this quickstart on GitHub
Setting up
Create a new Java application
Open your terminal or command window. Navigate to the directory where you'd like to create your Java application. Run the command below to generate the Java project from the maven-archetype-quickstart template.
mvn archetype:generate -DgroupId=com.communication.quickstart -DartifactId=communication-quickstart -DarchetypeArtifactId=maven-archetype-quickstart -DarchetypeVersion=1.4 -DinteractiveMode=false
You'll notice that the 'generate' task created a directory with the same name as the artifactId. Under this directory, the src/main/java directory contains the project source code, the src/test/java directory contains the test source, and the pom.xml file is the project's Project Object Model, or POM.
Install the package
Open the pom.xml file in your text editor. Add the following dependency element to the group of dependencies.
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-communication-identity</artifactId>
<version>[1.4.0,)</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-communication-sms</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.2.3</version>
</dependency>
Use the SDK packages
Add the following import directives to your code to use the Azure Identity and Azure Communication SDKs.
import com.azure.communication.common.*;
import com.azure.communication.identity.*;
import com.azure.communication.identity.models.*;
import com.azure.communication.sms.*;
import com.azure.communication.sms.models.*;
import com.azure.core.credential.*;
import com.azure.identity.*;
import java.util.*;
Create a DefaultAzureCredential
We'll be using the DefaultAzureCredential for this quickstart. This credential is suitable for production and development environments. As it is needed for each operation let's create it within the App.java class. Add the following to the top of the App.java class.
private TokenCredential credential = new DefaultAzureCredentialBuilder().build();
Issue a token with service principals
Now we'll add code which uses the created credential, to issue a VoIP Access Token. We'll call this code later on;
public AccessToken createIdentityAndGetTokenAsync(String endpoint) {
CommunicationIdentityClient communicationIdentityClient = new CommunicationIdentityClientBuilder()
.endpoint(endpoint)
.credential(this.credential)
.buildClient();
CommunicationUserIdentifierAndToken result = communicationIdentityClient.createUserAndToken(new ArrayList<>(Arrays.asList(CommunicationTokenScope.CHAT)));
return result.getUserToken();
}
Send an SMS with service principals
As another example of using service principals, we'll add this code which uses the same credential to send an SMS:
public SmsSendResult sendSms(String endpoint, String from, String to, String message) {
SmsClient smsClient = new SmsClientBuilder()
.endpoint(endpoint)
.credential(this.credential)
.buildClient();
// Send the message and check the response for a message id
return smsClient.send(from, to, message);
}
Write the Main method
Your App.java should already have a Main method, let's add some code which will call our previously created code to demonstrate the use of service principals:
public static void main(String[] args) {
App instance = new App();
// You can find your endpoint and access key from your resource in the Azure portal
// e.g. "https://<RESOURCE_NAME>.communication.azure.com";
String endpoint = "https://<RESOURCE_NAME>.communication.azure.com/";
System.out.println("Retrieving new Access Token, using Service Principals");
AccessToken token = instance.createIdentityAndGetTokenAsync(endpoint);
System.out.println("Retrieved Access Token: "+ token.getToken());
System.out.println("Sending SMS using Service Principals");
// You will need a phone number from your resource to send an SMS.
SmsSendResult result = instance.sendSms(endpoint, "<FROM NUMBER>", "<TO NUMBER>", "Hello from Service Principals");
System.out.println("Sms id: "+ result.getMessageId());
System.out.println("Send Result Successful: "+ result.isSuccessful());
}
Your final App.java should look like this:
package com.communication.quickstart;
import com.azure.communication.common.*;
import com.azure.communication.identity.*;
import com.azure.communication.identity.models.*;
import com.azure.communication.sms.*;
import com.azure.communication.sms.models.*;
import com.azure.core.credential.*;
import com.azure.identity.*;
import java.util.*;
public class App
{
private TokenCredential credential = new DefaultAzureCredentialBuilder().build();
public SmsSendResult sendSms(String endpoint, String from, String to, String message) {
SmsClient smsClient = new SmsClientBuilder()
.endpoint(endpoint)
.credential(this.credential)
.buildClient();
// Send the message and check the response for a message id
return smsClient.send(from, to, message);
}
public AccessToken createIdentityAndGetTokenAsync(String endpoint) {
CommunicationIdentityClient communicationIdentityClient = new CommunicationIdentityClientBuilder()
.endpoint(endpoint)
.credential(this.credential)
.buildClient();
CommunicationUserIdentifierAndToken result = communicationIdentityClient.createUserAndToken(new ArrayList<>(Arrays.asList(CommunicationTokenScope.CHAT)));
return result.getUserToken();
}
public static void main(String[] args) {
App instance = new App();
// You can find your endpoint and access key from your resource in the Azure portal
// e.g. "https://<RESOURCE_NAME>.communication.azure.com";
String endpoint = "https://<RESOURCE_NAME>.communication.azure.com/";
System.out.println("Retrieving new Access Token, using Service Principals");
AccessToken token = instance.createIdentityAndGetTokenAsync(endpoint);
System.out.println("Retrieved Access Token: "+ token.getToken());
System.out.println("Sending SMS using Service Principals");
// You will need a phone number from your resource to send an SMS.
SmsSendResult result = instance.sendSms(endpoint, "<FROM NUMBER>", "<TO NUMBER>", "Hello from Service Principals");
System.out.println("Sms id: "+ result.getMessageId());
System.out.println("Send Result Successful: "+ result.isSuccessful());
}
}
Run the code
Navigate to the directory containing the pom.xml file and compile the project by using the following mvn command.
mvn compile
Then, build the package.
mvn package
Run the following mvn command to execute the app.
mvn exec:java -Dexec.mainClass="com.communication.quickstart.App" -Dexec.cleanupDaemonThreads=false
The final output should resemble the following:
Retrieving new Access Token, using Service Principals
Retrieved Access Token: ey..A
Sending SMS using using Service Principals
Sms id: Outgoing_202104...33f8ae1f_noam
Send Result Successful: true
Note
Find the finalized code for this quickstart on GitHub
Setting up
Create a new Python application
Open your terminal or command window create a new directory for your app, and navigate to it.
mkdir active-directory-authentication-quickstart && cd active-directory-authentication-quickstart
Install the SDK packages
pip install azure-identity
pip install azure-communication-identity
pip install azure-communication-sms
Create a new file
Open and save a new file within your created folder called authentication.py, we'll be placing our code inside this file.
Use the SDK packages
Add the following import statements to the top of your file to use the SDKs that we installed.
from azure.identity import DefaultAzureCredential
from azure.communication.identity import CommunicationIdentityClient
from azure.communication.sms import SmsClient
Create a DefaultAzureCredential
We'll be using the DefaultAzureCredential. This credential is suitable for production and development environments. As we'll be using it throughout this quickstart we'll create it at the top of the file.
credential = DefaultAzureCredential()
Create an identity and issue a token with service principals
Now we'll add code which uses the created credential, to issue a VoIP Access Token. We'll call this code later on:
def create_identity_and_get_token(resource_endpoint):
client = CommunicationIdentityClient(resource_endpoint, credential)
user, token_response = client.create_user_and_token(scopes=["voip"])
return token_response
Send an SMS with service principals
As another example of using service principals, we'll add this code which uses the same credential to send an SMS:
def send_sms(resource_endpoint, from_phone_number, to_phone_number, message_content):
sms_client = SmsClient(resource_endpoint, credential)
sms_client.send(
from_=from_phone_number,
to_=[to_phone_number],
message=message_content,
enable_delivery_report=True # optional property
)
Write our main code
With our functions created we can now write the main code which will call the functions we've previous written.
# You can find your endpoint and access key from your resource in the Azure portal
# e.g. "https://<RESOURCE_NAME>.communication.azure.com";
endpoint = "https://<RESOURCE_NAME>.communication.azure.com/"
print("Retrieving new Access Token, using Service Principals");
result = create_identity_and_get_token(endpoint);
print(f'Retrieved Access Token: {result.token}');
print("Sending SMS using Service Principals");
# You will need a phone number from your resource to send an SMS.
sms_result = send_sms(endpoint, "<FROM_NUMBER>", "<TO_NUMBER>", "Hello from Service Principals");
print(f'SMS ID: {sms_result[0].message_id}');
print(f'Send Result Successful: {sms_result[0].successful}');
The final authentication.py file should look something like this:
from azure.identity import DefaultAzureCredential
from azure.communication.identity import CommunicationIdentityClient
from azure.communication.sms import SmsClient
credential = DefaultAzureCredential()
def create_identity_and_get_token(resource_endpoint):
client = CommunicationIdentityClient(resource_endpoint, credential)
user, token_response = client.create_user_and_token(scopes=["voip"])
return token_response
def send_sms(resource_endpoint, from_phone_number, to_phone_number, message_content):
sms_client = SmsClient(resource_endpoint, credential)
response = sms_client.send(
from_=from_phone_number,
to=[to_phone_number],
message=message_content,
enable_delivery_report=True # optional property
)
return response
# You can find your endpoint and access key from your resource in the Azure portal
# e.g. "https://<RESOURCE_NAME>.communication.azure.com";
endpoint = "https://<RESOURCE_NAME>.communication.azure.com/"
print("Retrieving new Access Token, using Service Principals");
result = create_identity_and_get_token(endpoint);
print(f'Retrieved Access Token: {result.token}');
print("Sending SMS using Service Principals");
# You will need a phone number from your resource to send an SMS.
sms_result = send_sms(endpoint, "<FROM_NUMBER>", "<TO_NUMBER>", "Hello from Service Principals");
print(f'SMS ID: {sms_result[0].message_id}');
print(f'Send Result Successful: {sms_result[0].successful}');
Run the program
With everything complete, you can run the file by entering python authentication.py from your project's directory. If everything went well you should see something similar to the following.
$ python authentication.py
Retrieving new Access Token, using Service Principals
Retrieved Access Token: ey...Q
Sending SMS using using Service Principals
SMS ID: Outgoing_2021040602194...._noam
Send Result Successful: true