|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) Azure Key Vault Get OAuth2 Access Token using Client CredentialsSee more Azure Key Vault ExamplesDemonstrates how to get an OAuth2 access token using client credentials for an Azure Key Vault resource.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This example requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- You can use OAuth2 client credentials with an Azure App (service principal) that has -- the required Role-Based Access Control (RBAC) permissions. -- In this case, it would be service principal with RBAC permissions to administer and manage -- the key vault. -- You can create the Azure App (also known as the Service Principal) -- in the Azure CLI (command line interface) as follows: -- ---------------------------------------------------------------------- -- az ad sp create-for-rbac --name http://example.com --role Contributor -- ---------------------------------------------------------------------- -- The argument to --name must be a valid URI that is a verified domain of your -- organization or its subdomain. -- The output of the above "az ad sp create-for-rbac ..." command is JSON such as this: -- { -- "appId": "25ac6e3a-9ac7-42b9-b13e-18644c1de959", -- "displayName": "azure-cli-2023-10-14-22-38-15", -- "name": "http://example.com", -- "password": "f1f2f3f0-52dc-4236-8295-c8a1d6aa393c", -- "tenant": "4d8dfd66-68d1-13b0-af5c-b31b4b3d53d" -- } -- Save the values in the above JSON. You'll need it below.. -- You'll also want to add the role of "Key Vault Administrator" to the Service Principal -- for the particular key vault. -- ---------------------------------------------------------------------- -- az role assignment create --assignee <Application-ID> --role "Key Vault Administrator" -- --scope /subscriptions/<Subscription-ID>/resourceGroups/<Resource-Group-Name>/providers/Microsoft.KeyVault/vaults/<KeyVault-Name> -- ---------------------------------------------------------------------- DECLARE @http int -- Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Http', @http OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END DECLARE @req int -- Use "Chilkat_9_5_0.HttpRequest" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.HttpRequest', @req OUT -- Add query params to the request. EXEC sp_OAMethod @req, 'AddParam', NULL, 'grant_type', 'client_credentials' -- Use the service principal's appId EXEC sp_OAMethod @req, 'AddParam', NULL, 'client_id', '25ac6e3a-9ac7-42b9-b13e-18644c1de959' -- Use the service principal's password. EXEC sp_OAMethod @req, 'AddParam', NULL, 'client_secret', 'f1f2f3f0-52dc-4236-8295-c8a1d6aa393c' -- Note: The resource must match the API for which you're using the access token.. EXEC sp_OAMethod @req, 'AddParam', NULL, 'resource', 'https://vault.azure.net' DECLARE @success int EXEC sp_OAMethod @http, 'SetUrlVar', @success OUT, 'tenant', '4d8dfd66-68d1-13b0-af5c-b31b4b3d53d' DECLARE @resp int EXEC sp_OAMethod @http, 'PostUrlEncoded', @resp OUT, 'https://login.microsoftonline.com/{$tenant}/oauth2/token', @req EXEC sp_OAGetProperty @http, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @http, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @req RETURN END DECLARE @strRespBody nvarchar(4000) EXEC sp_OAGetProperty @resp, 'BodyStr', @strRespBody OUT DECLARE @respStatusCode int EXEC sp_OAGetProperty @resp, 'StatusCode', @respStatusCode OUT IF @respStatusCode >= 400 BEGIN PRINT 'Response Status Code = ' + @respStatusCode PRINT 'Response Body:' PRINT @strRespBody EXEC @hr = sp_OADestroy @resp EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @req RETURN END DECLARE @jsonResp int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonResp OUT EXEC sp_OAMethod @jsonResp, 'Load', @success OUT, @strRespBody EXEC sp_OASetProperty @jsonResp, 'EmitCompact', 0 EXEC sp_OAMethod @jsonResp, 'Emit', @sTmp0 OUT PRINT @sTmp0 -- The result is an access token such as the following: -- { -- "token_type": "Bearer", -- "expires_in": "3600", -- "ext_expires_in": "3600", -- "expires_on": "1557864616", -- "not_before": "1557860716", -- "resource": "https://vault.azure.net", -- "access_token": "eyJ0eXAiOiJKV1QiL ... 20UFDDOHEyUg" -- } -- If you wish, you can save the token to a file. -- The access token is generally valid for 1 hour. -- After 1 hour, you would need to get a new access token in the same way. EXEC sp_OAMethod @jsonResp, 'WriteFile', @success OUT, 'qa_data/tokens/azureKeyVaultToken.json' EXEC @hr = sp_OADestroy @resp EXEC @hr = sp_OADestroy @http EXEC @hr = sp_OADestroy @req EXEC @hr = sp_OADestroy @jsonResp END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.