I'm trying to invoke an authentication process with a Windows Azure AD tenant application using OAuth 2.0 by using curl. But I couldn't figure out what the parameter "resource" is in the sample code below:
curl -X POST https://login.windows.net/<<YOUR--AD-TENANT-ID>>/oauth2/token \
-F redirect_uri=http://google.com \
-F grant_type=authorization_code \
-F resource=https://management.core.windows.net/ \
-F client_id=87a544fd-... \
-F code=AwABAAAAvPM1...8sSAA
With Microsoft Graph, you can access Azure Active Directory (Azure AD) resources to enable scenarios like managing administrator (directory) roles, inviting external users to an organization, and, if you are a Cloud Solution Provider (CSP), managing your customer's data.
OAuth 2.0 is the industry protocol for authorization. It allows a user to grant limited access to their protected resources. Designed to work specifically with Hypertext Transfer Protocol (HTTP), OAuth separates the role of the client from the resource owner.
Now, bringing in OAuth2 and its delegated authorization idea, a user gives an application consent to access their resources (i.e. “Tenant 1”, “Tenant 2”, and “Tenant 3”). Let's start with an all-powerful token that a first-party application might get. That token would allow the application to do anything the user can do.
Register the Application in the Azure Active Directory (AAD) Resource on the Azure Portal. Configure the Application in Azure Active Directory. Use the Microsoft Authentication Library to get an Access token. Use the Access Token to Get the List of Environments.
The resource parameter depicts the identifier of the WebAPI that your client wants to access on behalf of the user. Most flows in OAuth involve 4 parties: the resource owner (aka user), the client (aka app), the authority (aka identity provider) and the resource (aka webapi). The audience of the access token that the authority generates is the resource identifier.
In the case of Azure AD you can either use the Client ID or the App ID URI of the resource WebAPI (find them in the configure tab of the Azure AD application in the Azure Management portal). For instance, if I want my client to get a token to access the Azure AD Graph API on behalf of the user, I would request a token for the resource "https://graph.windows.net". In your example, the resource parameter value identifies the Azure Service Management APIs.
Here are some code samples of Client Apps using Azure AD SDKs to request tokens for WebAPIs - different usages of the resource parameter:
Hope this helps.
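The audience relationship described in the answer above, as an added example that is not part of the original answer: a resource API decodes an access token and accepts it only if `aud` equals its own identifier. It assumes the access token is a JWT; the function names and the sample token are constructed for illustration, and the signature is not checked here, which a real API must do before trusting any claim.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def token_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT (inspection only, no signature check)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def audience_matches(claims: dict, expected_resource: str) -> bool:
    """True only if the token was issued for this exact resource identifier."""
    aud = claims.get("aud")
    if aud is None:
        return False
    # RFC 7519 allows "aud" to be a single string or a list of strings.
    audiences = aud if isinstance(aud, list) else [aud]
    return expected_resource in audiences


def make_sample_token(aud) -> str:
    # Constructed sample, not a real Azure AD token: the signature is a dummy value.
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    payload = b64url_encode(json.dumps({"aud": aud, "sub": "constructed-user"}).encode())
    return f"{header}.{payload}.{b64url_encode(b'constructed-signature')}"


if __name__ == "__main__":
    # Token requested with resource=https://management.core.windows.net/
    token = make_sample_token("https://management.core.windows.net/")
    claims = token_claims(token)
    print("aud:", claims["aud"])
    print("management API accepts:", audience_matches(claims, "https://management.core.windows.net/"))
    print("graph API accepts:", audience_matches(claims, "https://graph.windows.net"))
```

The comparison is an exact string match, so the value sent as `resource` has to be the identifier the target API expects.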
In simple words, the resource parameter contains the URI of the Web API resource you want to access.
The OAuth protocol follows token-based access to resources. The parameter "resource" helps to distinguish between tokens for different Web APIs.
For example, if you want to access the Graph API, then the resource will be "https://graph.windows.net/".
If you want to access Azure, the resource parameter must be specified as "http://management.azure.com".
It is recommended to use this parameter, although it is not compulsory.