Access Azure Sphere Public API with your AAD user identity
Important
This is the Azure Sphere (Legacy) documentation. Azure Sphere (Legacy) is retiring on 27 September 2027, and users must migrate to Azure Sphere (Integrated) by this time. Use the Version selector located above the TOC to view the Azure Sphere (Integrated) documentation.
You can use this authentication method if you need to implement a web application or a console application that users in the customer's Azure Active Directory (AAD) tenant sign in to. The access token is issued for the signed-in user, so the call to the Azure Sphere Public API runs with that user's permissions in the Azure Sphere tenant.
Client application registrations are Azure Active Directory representations of applications that can be used to authenticate and obtain tokens. In this method the registration is a public client: it acquires a delegated access token for the signed-in user and needs no application secret. This is distinct from a service client, which an application uses to obtain an access token without interactive authentication of a user; a service client is granted application permissions and presents an application secret (password) when obtaining access tokens.
Prerequisites
- Azure Active Directory Tenant (Tenant ID).
- Azure Sphere tenant.
- A user with the required role in the Azure Sphere tenant. Signing in to AAD alone grants no Azure Sphere access; the role assignment in the Azure Sphere tenant is what the API authorizes against.
- The Azure Sphere Public API application added to your Azure tenant, so that it appears under APIs my organization uses in Step 3.
Step 1: Register the client application
- In the Azure portal, on the left navigation pane, click Azure Active Directory.
- In the Azure Active Directory blade, click App registrations.
- Click New registration.
- Give the application a display name and click Register. Note the Application (client) ID shown on the Overview page; it is the client ID used in Step 4.
Step 2: Setup authentication
- In the Azure portal, on the left navigation pane, click Azure Active Directory.
- In App registrations, select your app, and then select Authentication.
- Configure the platform and redirect URI that your application uses. The redirect URI registered here must match the one your code passes to WithRedirectUri in Step 4, otherwise the interactive sign-in fails.
Step 3: Add API permissions
- Select API permissions and click Add a permission.
- Under APIs my organization uses, search for Azure Sphere Public API. The application ID for the Azure Sphere Public API is 7c209960-a417-423c-b2e3-9251907e63fe.
- Select Azure Sphere Public API.
- Under Delegated permissions, select azuresphere.readwrite and click Add permissions. This is a delegated permission: the token carries the scope only for a user who has signed in and consented, and the API still enforces that user's role in the Azure Sphere tenant.
Step 4: Configure your application
```csharp
using Microsoft.Identity.Client;
using System.Threading.Tasks;

// Public client: no client secret; the token is issued for the signed-in user.
IPublicClientApplication publicClientApplication =
    PublicClientApplicationBuilder.Create("<<App registration Client ID>>")
        .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
        .WithAuthority(AzureCloudInstance.AzurePublic, "<<3rd Party Tenant Id>>")
        .Build();
// Delegated scope granted in Step 3; the token audience is the Azure Sphere Public API.
string[] scopes = new[] { "https://firstparty.sphere.azure.net/api/azuresphere.readwrite" };
AuthenticationResult result = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();
string accessToken = result.AccessToken;
```
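The snippet above acquires a token but stops there. The following console program, an added example that is not part of the original page or of the Azure Sphere SDK, carries Steps 1 to 4 through to a call against the Public API: it tries the MSAL token cache first so the user is not prompted on every run, falls back to interactive sign-in only when MSAL reports it is required, checks that the issued token actually carries the azuresphere.readwrite scope before using it, and sends it as a bearer credential. The placeholders for the client ID and tenant ID are the same as in the page's snippet; the endpoint https://prod.core.sphere.azure.net/v2/tenants and the meaning attached to the 401 and 403 responses are assumptions made for the example, and the redirect URI must match the one registered in Step 2.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class Program
{
    // Placeholders from Steps 1 and 3; the tenant ID is the customer's AAD tenant.
    const string ClientId = "<<App registration Client ID>>";
    const string TenantId = "<<3rd Party Tenant Id>>";
    static readonly string[] Scopes =
        { "https://firstparty.sphere.azure.net/api/azuresphere.readwrite" };

    // Assumption for this example: Public API endpoint listing the Azure Sphere
    // tenants the signed-in user can access.
    const string TenantsUrl = "https://prod.core.sphere.azure.net/v2/tenants";

    static async Task Main()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(ClientId)
            // Must match a redirect URI registered under Authentication in Step 2.
            .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .Build();

        AuthenticationResult result = await AcquireTokenAsync(app);

        // Fail early if the token lacks the delegated scope: a missing consent or
        // admin-consent grant shows up here instead of as an opaque API error.
        if (!result.Scopes.Contains(Scopes[0], StringComparer.OrdinalIgnoreCase))
            throw new InvalidOperationException("Token was issued without azuresphere.readwrite");

        Console.WriteLine($"Signed in as {result.Account.Username}; token expires {result.ExpiresOn:u}");

        using var http = new HttpClient();
        using var request = new HttpRequestMessage(HttpMethod.Get, TenantsUrl);
        // Bearer credential for the API call; do not log or persist the raw token.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

        using HttpResponseMessage response = await http.SendAsync(request);
        if (response.StatusCode == HttpStatusCode.Unauthorized ||
            response.StatusCode == HttpStatusCode.Forbidden)
        {
            // Assumed interpretation: 401 means the token itself was not accepted
            // (wrong audience or tenant); 403 means the user authenticated but has
            // no role in the Azure Sphere tenant (see Prerequisites).
            Console.Error.WriteLine($"Public API rejected the call: {(int)response.StatusCode}");
            return;
        }
        response.EnsureSuccessStatusCode();
        Console.WriteLine(await response.Content.ReadAsStringAsync());
    }

    // Silent first, interactive only when MSAL says the cache cannot satisfy the request.
    static async Task<AuthenticationResult> AcquireTokenAsync(IPublicClientApplication app)
    {
        var accounts = await app.GetAccountsAsync();
        var account = accounts.FirstOrDefault();
        if (account != null)
        {
            try
            {
                return await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Cached token expired or consent changed; fall through to sign-in.
            }
        }
        return await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
    }
}
```

The scope check on result.Scopes is the one worth keeping in production code: MSAL returns whatever scopes the authorization server granted, and a token missing azuresphere.readwrite (for example because consent was never recorded in the customer tenant) is better rejected on the client than discovered as a failing API call. The default MSAL cache for a public client is in-memory only, so a restarted console app will prompt again; a persistent cache is a separate concern and is not shown here.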