Using authentication token in azure sdk fluent

Question

To authenticate with Azure in azure sdk fluent nuget, there is a method that uses client id and secret as below

var azureCredentials = new AzureCredentials(new 
ServicePrincipalLoginInformation
        {
            ClientId = "ClientId",
            ClientSecret = "ClientSecret"
        }, "tenantId", AzureEnvironment.AzureGlobalCloud);

Is there any interface where authentication token (JWT) can be used instead of using client id and secret while creating IAzure in the below code?

_azure = Azure
            .Configure()
            .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
            .Authenticate(azureCredentials)
            .WithSubscription(_subscriptionId); 

Note: I have a separate authenticater module that keeps client id and secret with itself and uses them to get authentication token which will be used by other components/sdks.

Answer 1

The answer is actually yes, you can use the authentication token (JWT). It's just not that obvious.

var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId, false);
var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri("http://localhost"), PromptBehavior.Always);
var token = result.AccessToken;
var client = RestClient
    .Configure()
    .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .WithCredentials(new TokenCredentials(token))
    .Build();
var azure = Azure
    .Authenticate(client, tenantId)
    .WithSubscription(subscriptionId);

Sigh...they've changed the WithCredentials to use an AzureCredentials instead of a ServiceClientCredentials. Here's an updated version:-

var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId, false);
var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri("http://localhost"), PromptBehavior.Always);
var token = result.AccessToken;
var tokenCredentials = new TokenCredentials(token);
var azureCredentials = new AzureCredentials(
    tokenCredentials,
    tokenCredentials,
    tenantId,
    AzureEnvironment.AzureGlobalCloud);
var client = RestClient
    .Configure()
    .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .WithCredentials(azureCredentials)
    .Build();
var azure = Azure
    .Authenticate(client, tenantId)
    .WithSubscription(subscriptionId);

Answer 2

Starting from Azure Management Fluent SDK v1.10 you can use any credentials provider that is derived from ServiceClientCredentials. In other words you should be able to pass already acquired Bearer token string to AzureCredentials constructor like this

var customTokenProvider = new AzureCredentials(
                        new TokenCredentials(armAuthToken),
                        new TokenCredentials(graphAuthToken),
                        tenantId,
                        AzureEnvironment.AzureGlobalCloud);

var client = RestClient
                    .Configure()
                    .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
                    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                    .WithCredentials(customTokenProvider)
                    .Build();

var authenticatedClient = Azure.Authenticate(client, tenantId);