|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Azure Key Vault Get OAuth2 Access Token using Client CredentialsSee more Azure Key Vault ExamplesDemonstrates how to get an OAuth2 access token using client credentials for an Azure Key Vault resource.
Use ChilkatAx-win32.pkg Procedure Test Handle hoHttp Variant vReq Handle hoReq Boolean iSuccess Variant vResp Handle hoResp String sStrRespBody Integer iRespStatusCode Handle hoJsonResp String sTemp1 Boolean bTemp1 // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // You can use OAuth2 client credentials with an Azure App (service principal) that has // the required Role-Based Access Control (RBAC) permissions. // In this case, it would be service principal with RBAC permissions to administer and manage // the key vault. // You can create the Azure App (also known as the Service Principal) // in the Azure CLI (command line interface) as follows: // ---------------------------------------------------------------------- // az ad sp create-for-rbac --name http://example.com --role Contributor // ---------------------------------------------------------------------- // The argument to --name must be a valid URI that is a verified domain of your // organization or its subdomain. // The output of the above "az ad sp create-for-rbac ..." command is JSON such as this: // { // "appId": "25ac6e3a-9ac7-42b9-b13e-18644c1de959", // "displayName": "azure-cli-2023-10-14-22-38-15", // "name": "http://example.com", // "password": "f1f2f3f0-52dc-4236-8295-c8a1d6aa393c", // "tenant": "4d8dfd66-68d1-13b0-af5c-b31b4b3d53d" // } // Save the values in the above JSON. You'll need it below.. // You'll also want to add the role of "Key Vault Administrator" to the Service Principal // for the particular key vault. // ---------------------------------------------------------------------- // az role assignment create --assignee <Application-ID> --role "Key Vault Administrator" // --scope /subscriptions/<Subscription-ID>/resourceGroups/<Resource-Group-Name>/providers/Microsoft.KeyVault/vaults/<KeyVault-Name> // ---------------------------------------------------------------------- Get Create (RefClass(cComChilkatHttp)) To hoHttp If (Not(IsComObjectCreated(hoHttp))) Begin Send CreateComObject of hoHttp End Get Create (RefClass(cComChilkatHttpRequest)) To hoReq If (Not(IsComObjectCreated(hoReq))) Begin Send CreateComObject of hoReq End // Add query params to the request. Send ComAddParam To hoReq "grant_type" "client_credentials" // Use the service principal's appId Send ComAddParam To hoReq "client_id" "25ac6e3a-9ac7-42b9-b13e-18644c1de959" // Use the service principal's password. Send ComAddParam To hoReq "client_secret" "f1f2f3f0-52dc-4236-8295-c8a1d6aa393c" // Note: The resource must match the API for which you're using the access token.. Send ComAddParam To hoReq "resource" "https://vault.azure.net" Get ComSetUrlVar Of hoHttp "tenant" "4d8dfd66-68d1-13b0-af5c-b31b4b3d53d" To iSuccess Get pvComObject of hoReq to vReq Get ComPostUrlEncoded Of hoHttp "https://login.microsoftonline.com/{$tenant}/oauth2/token" vReq To vResp If (IsComObject(vResp)) Begin Get Create (RefClass(cComChilkatHttpResponse)) To hoResp Set pvComObject Of hoResp To vResp End Get ComLastMethodSuccess Of hoHttp To bTemp1 If (bTemp1 <> True) Begin Get ComLastErrorText Of hoHttp To sTemp1 Showln sTemp1 Procedure_Return End Get ComBodyStr Of hoResp To sStrRespBody Get ComStatusCode Of hoResp To iRespStatusCode If (iRespStatusCode >= 400) Begin Showln "Response Status Code = " iRespStatusCode Showln "Response Body:" Showln sStrRespBody Send Destroy of hoResp Procedure_Return End Get Create (RefClass(cComChilkatJsonObject)) To hoJsonResp If (Not(IsComObjectCreated(hoJsonResp))) Begin Send CreateComObject of hoJsonResp End Get ComLoad Of hoJsonResp sStrRespBody To iSuccess Set ComEmitCompact Of hoJsonResp To False Get ComEmit Of hoJsonResp To sTemp1 Showln sTemp1 // The result is an access token such as the following: // { // "token_type": "Bearer", // "expires_in": "3600", // "ext_expires_in": "3600", // "expires_on": "1557864616", // "not_before": "1557860716", // "resource": "https://vault.azure.net", // "access_token": "eyJ0eXAiOiJKV1QiL ... 20UFDDOHEyUg" // } // If you wish, you can save the token to a file. // The access token is generally valid for 1 hour. // After 1 hour, you would need to get a new access token in the same way. Get ComWriteFile Of hoJsonResp "qa_data/tokens/azureKeyVaultToken.json" To iSuccess Send Destroy of hoResp End_Procedure |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.