Chilkat HOME Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi DLL Go Java Node.js Objective-C PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(PowerBuilder) Azure Key Vault Get OAuth2 Access Token using Client CredentialsSee more Azure Key Vault ExamplesDemonstrates how to get an OAuth2 access token using client credentials for an Azure Key Vault resource.
integer li_rc oleobject loo_Http oleobject loo_Req oleobject loo_Resp string ls_StrRespBody integer li_RespStatusCode oleobject loo_JsonResp // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // You can use OAuth2 client credentials with an Azure App (service principal) that has // the required Role-Based Access Control (RBAC) permissions. // In this case, it would be service principal with RBAC permissions to administer and manage // the key vault. // You can create the Azure App (also known as the Service Principal) // in the Azure CLI (command line interface) as follows: // ---------------------------------------------------------------------- // az ad sp create-for-rbac --name http://example.com --role Contributor // ---------------------------------------------------------------------- // The argument to --name must be a valid URI that is a verified domain of your // organization or its subdomain. // The output of the above "az ad sp create-for-rbac ..." command is JSON such as this: // { // "appId": "25ac6e3a-9ac7-42b9-b13e-18644c1de959", // "displayName": "azure-cli-2023-10-14-22-38-15", // "name": "http://example.com", // "password": "f1f2f3f0-52dc-4236-8295-c8a1d6aa393c", // "tenant": "4d8dfd66-68d1-13b0-af5c-b31b4b3d53d" // } // Save the values in the above JSON. You'll need it below.. // You'll also want to add the role of "Key Vault Administrator" to the Service Principal // for the particular key vault. // ---------------------------------------------------------------------- // az role assignment create --assignee <Application-ID> --role "Key Vault Administrator" // --scope /subscriptions/<Subscription-ID>/resourceGroups/<Resource-Group-Name>/providers/Microsoft.KeyVault/vaults/<KeyVault-Name> // ---------------------------------------------------------------------- loo_Http = create oleobject // Use "Chilkat_9_5_0.Http" for versions of Chilkat < 10.0.0 li_rc = loo_Http.ConnectToNewObject("Chilkat.Http") if li_rc < 0 then destroy loo_Http MessageBox("Error","Connecting to COM object failed") return end if loo_Req = create oleobject // Use "Chilkat_9_5_0.HttpRequest" for versions of Chilkat < 10.0.0 li_rc = loo_Req.ConnectToNewObject("Chilkat.HttpRequest") // Add query params to the request. loo_Req.AddParam("grant_type","client_credentials") // Use the service principal's appId loo_Req.AddParam("client_id","25ac6e3a-9ac7-42b9-b13e-18644c1de959") // Use the service principal's password. loo_Req.AddParam("client_secret","f1f2f3f0-52dc-4236-8295-c8a1d6aa393c") // Note: The resource must match the API for which you're using the access token.. loo_Req.AddParam("resource","https://vault.azure.net") loo_Http.SetUrlVar("tenant","4d8dfd66-68d1-13b0-af5c-b31b4b3d53d") loo_Resp = loo_Http.PostUrlEncoded("https://login.microsoftonline.com/{$tenant}/oauth2/token",loo_Req) if loo_Http.LastMethodSuccess <> 1 then Write-Debug loo_Http.LastErrorText destroy loo_Http destroy loo_Req return end if ls_StrRespBody = loo_Resp.BodyStr li_RespStatusCode = loo_Resp.StatusCode if li_RespStatusCode >= 400 then Write-Debug "Response Status Code = " + string(li_RespStatusCode) Write-Debug "Response Body:" Write-Debug ls_StrRespBody destroy loo_Resp destroy loo_Http destroy loo_Req return end if loo_JsonResp = create oleobject // Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 li_rc = loo_JsonResp.ConnectToNewObject("Chilkat.JsonObject") loo_JsonResp.Load(ls_StrRespBody) loo_JsonResp.EmitCompact = 0 Write-Debug loo_JsonResp.Emit() // The result is an access token such as the following: // { // "token_type": "Bearer", // "expires_in": "3600", // "ext_expires_in": "3600", // "expires_on": "1557864616", // "not_before": "1557860716", // "resource": "https://vault.azure.net", // "access_token": "eyJ0eXAiOiJKV1QiL ... 20UFDDOHEyUg" // } // If you wish, you can save the token to a file. // The access token is generally valid for 1 hour. // After 1 hour, you would need to get a new access token in the same way. loo_JsonResp.WriteFile("qa_data/tokens/azureKeyVaultToken.json") destroy loo_Resp destroy loo_Http destroy loo_Req destroy loo_JsonResp |
© 2000-2025 Chilkat Software, Inc. All Rights Reserved.