Keyvault Authentication (REST API)

I am a little confused by Microsoft's scattered documentation.

I have created an application (https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal), which means I now have:

  • Application ID
  • Key
  • Directory ID

I have gone into the KeyVault in Azure Portal, and I have granted permissions to the application.

For test purposes, I am trying to run a test via CURL. The basis I am using for this is the following Microsoft pages (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token and https://learn.microsoft.com/en-us/rest/api/#create-the-request)

So, the first thing I do is get a token through the following call:

curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>" https://login.microsoftonline.com/<removed_for_security>/oauth2/token

This returns a token.

I then (try to) use that token as follows:

curl -H "Authorization: Bearer <removed_for_security>" -vv https://<removed_for_security>.vault.azure.net/secrets/<removed_for_security>/<removed_for_security>

I get no content back, just "HTTP/1.1 401 Unauthorized"

Little Code asked Mar 09 '23 04:03

2 Answers

You need to specify the resource you are requesting the token for.

curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>&resource=https://vault.azure.net" https://login.microsoftonline.com/<removed_for_security>/oauth2/token

And also add the API version.

sisir sagar answered Mar 31 '23 15:03

Ok, so I can confirm that the request you are doing is valid, for the most part; you forgot the API version, but the problem is not with the API version (it would tell you that).

https://xxx.vault.azure.net/secrets/xxx/?api-version=2015-06-01

This URL works, so I guess the token is not right. The easiest way to check would be to go to JWT.io, paste the token there and see the contents, whether they match what the Key Vault expects. Probably you have a mismatch.

4c74356b41 answered Mar 31 '23 15:03
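Putting both answers together, as an added example that is neither answerer's code: a POSIX shell script whose token request carries the `resource` parameter and whose Key Vault call carries the `api-version` query string, plus an offline check of the token's `aud` claim (the thing the JWT.io step is meant to reveal). Tenant, client, vault and secret names are placeholders, and the two tokens at the bottom are constructed, unsigned samples, not real Azure tokens.

```shell
#!/bin/sh
# Assumed placeholders (not real values): TENANT_ID, CLIENT_ID, CLIENT_SECRET,
# VAULT_NAME, SECRET_NAME. The network calls live in functions and are not run here.

# Token request with the 'resource' parameter the question's request lacked.
get_vault_token() {
  curl -s -d "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&resource=https://vault.azure.net" \
    "https://login.microsoftonline.com/$TENANT_ID/oauth2/token" |
    sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# Secret read with the api-version query parameter the second answer points out.
get_secret() {
  curl -s -H "Authorization: Bearer $1" \
    "https://$VAULT_NAME.vault.azure.net/secrets/$SECRET_NAME?api-version=2015-06-01"
}

# Offline equivalent of pasting the token into JWT.io: decode the payload segment.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in   # restore the base64 padding that JWTs strip
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

jwt_aud() { jwt_payload "$1" | sed -n 's/.*"aud":"\([^"]*\)".*/\1/p'; }

# Key Vault only accepts tokens whose audience is its own resource URI; a token
# minted without 'resource' carries a different audience and gets the 401 seen above.
check_vault_aud() { [ "$(jwt_aud "$1")" = "https://vault.azure.net" ]; }

# Constructed sample tokens for demonstration (no signature, no real credentials).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
HDR=$(b64url '{"alg":"none","typ":"JWT"}')
GOOD_TOKEN="$HDR.$(b64url '{"aud":"https://vault.azure.net","appid":"00000000-0000-0000-0000-000000000000"}').sig"
BAD_TOKEN="$HDR.$(b64url '{"aud":"https://management.azure.com","appid":"00000000-0000-0000-0000-000000000000"}').sig"

check_vault_aud "$GOOD_TOKEN" && echo "good token: audience matches Key Vault"
check_vault_aud "$BAD_TOKEN" || echo "bad token: audience $(jwt_aud "$BAD_TOKEN") will be rejected with 401"
```

Run `check_vault_aud "$(get_vault_token)"` with the placeholders filled in to confirm the audience before calling `get_secret`.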