|
Chilkat • HOME • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi DLL • Go • Java • Node.js • Objective-C • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(DataFlex) Azure Key Vault Get OAuth2 Access Token using Client CredentialsSee more Azure Key Vault ExamplesDemonstrates how to get an OAuth2 access token using client credentials for an Azure Key Vault resource.Note: This example requires Chilkat v11.0.0 or greater.
Use ChilkatAx-win32.pkg Procedure Test Boolean iSuccess Handle hoHttp Variant vReq Handle hoReq Variant vResp Handle hoResp String sStrRespBody Integer iRespStatusCode Handle hoJsonResp String sTemp1 Move False To iSuccess // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // --- // See RBAC Permissions Required for Azure Key Vault API Using OAuth2 Client Credentials Flow // --- // You can use OAuth2 client credentials with an Azure App (service principal) that has // the required Role-Based Access Control (RBAC) permissions. // In this case, it would be service principal with RBAC permissions to administer and manage // the key vault. // You can create the Azure App (also known as the Service Principal) // in the Azure CLI (command line interface) as follows: // ---------------------------------------------------------------------- // az ad sp create-for-rbac --name http://example.com --role Contributor // ---------------------------------------------------------------------- // The argument to --name must be a valid URI that is a verified domain of your // organization or its subdomain. // The output of the above "az ad sp create-for-rbac ..." command is JSON such as this: // { // "appId": "25ac6e3a-9ac7-42b9-b13e-18644c1de959", // "displayName": "azure-cli-2023-10-14-22-38-15", // "name": "http://example.com", // "password": "f1f2f3f0-52dc-4236-8295-c8a1d6aa393c", // "tenant": "4d8dfd66-68d1-13b0-af5c-b31b4b3d53d" // } // Save the values in the above JSON. You'll need it below.. // You'll also want to add the role of "Key Vault Administrator" to the Service Principal // for the particular key vault. // ---------------------------------------------------------------------- // az role assignment create --assignee <Application-ID> --role "Key Vault Administrator" // --scope /subscriptions/<Subscription-ID>/resourceGroups/<Resource-Group-Name>/providers/Microsoft.KeyVault/vaults/<KeyVault-Name> // ---------------------------------------------------------------------- Get Create (RefClass(cComChilkatHttp)) To hoHttp If (Not(IsComObjectCreated(hoHttp))) Begin Send CreateComObject of hoHttp End Get Create (RefClass(cComChilkatHttpRequest)) To hoReq If (Not(IsComObjectCreated(hoReq))) Begin Send CreateComObject of hoReq End // Add query params to the request. Send ComAddParam To hoReq "grant_type" "client_credentials" // Use the service principal's appId Send ComAddParam To hoReq "client_id" "25ac6e3a-9ac7-42b9-b13e-18644c1de959" // Use the service principal's password. Send ComAddParam To hoReq "client_secret" "f1f2f3f0-52dc-4236-8295-c8a1d6aa393c" // Note: The resource must match the API for which you're using the access token.. Send ComAddParam To hoReq "resource" "https://vault.azure.net" Get ComSetUrlVar Of hoHttp "tenant" "4d8dfd66-68d1-13b0-af5c-b31b4b3d53d" To iSuccess Set ComHttpVerb Of hoReq To "POST" Set ComContentType Of hoReq To "application/x-www-form-urlencoded" Get Create (RefClass(cComChilkatHttpResponse)) To hoResp If (Not(IsComObjectCreated(hoResp))) Begin Send CreateComObject of hoResp End Get pvComObject of hoReq to vReq Get pvComObject of hoResp to vResp Get ComHttpReq Of hoHttp "https://login.microsoftonline.com/{$tenant}/oauth2/token" vReq vResp To iSuccess If (iSuccess = False) Begin Get ComLastErrorText Of hoHttp To sTemp1 Showln sTemp1 Procedure_Return End Get ComBodyStr Of hoResp To sStrRespBody Get ComStatusCode Of hoResp To iRespStatusCode If (iRespStatusCode >= 400) Begin Showln "Response Status Code = " iRespStatusCode Showln "Response Body:" Showln sStrRespBody Procedure_Return End Get Create (RefClass(cComChilkatJsonObject)) To hoJsonResp If (Not(IsComObjectCreated(hoJsonResp))) Begin Send CreateComObject of hoJsonResp End Get ComLoad Of hoJsonResp sStrRespBody To iSuccess Set ComEmitCompact Of hoJsonResp To False Get ComEmit Of hoJsonResp To sTemp1 Showln sTemp1 // The result is an access token such as the following: // { // "token_type": "Bearer", // "expires_in": "3600", // "ext_expires_in": "3600", // "expires_on": "1557864616", // "not_before": "1557860716", // "resource": "https://vault.azure.net", // "access_token": "eyJ0eXAiOiJKV1QiL ... 20UFDDOHEyUg" // } // If you wish, you can save the token to a file. // The access token is generally valid for 1 hour. // After 1 hour, you would need to get a new access token in the same way. Get ComWriteFile Of hoJsonResp "qa_data/tokens/azureKeyVaultToken.json" To iSuccess End_Procedure |
||||
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.