4

I'd like to assign multiple user assigned managed service identities to a VM Scale Set in Azure. I can do so by following the docs.

What I have not figured out yet is how I can request a token for a specific identity. The docs for requesting a token via the IMDS endpoint do not mention any request parameters for specifying e.g. a clientId.

Any clues?

Christian Weiss

2 Answers

5

Christian,

You can request tokens for a particular managed identity by passing in the client_id or object_id in the request. For example:

    curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/&object_id=<USERASSIGNED_OBJECT_ID>' -H Metadata:true -s

Our docs are being updated right now to properly include this info. Thanks for the note! :)

-Arturo

  • Hey Arturo, looks like the parameter is client_id now https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview . Will object_id still work? Can you update your post please? – CodyK Jan 08 '19 at 19:50
  • Is it possible to achieve the same without the use of a VM? I have a data factory which has a managed identity assigned to it and I'd like to be able to access https://management.azure.com/ – user2128702 Apr 28 '21 at 12:53
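
Added example, not part of the answer above or of Microsoft's documentation: a Python sketch of the same IMDS request that selects one identity by client_id or object_id and then checks that the returned token was issued for it. It assumes the access token is a JWT carrying the `appid` (client ID) and `oid` (object ID) claims; the function names are hypothetical, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

def build_token_request(resource, *, client_id=None, object_id=None,
                        api_version="2018-02-01"):
    """Build the IMDS request for exactly one user-assigned identity."""
    if (client_id is None) == (object_id is None):
        raise ValueError("pass exactly one of client_id or object_id")
    params = {"api-version": api_version, "resource": resource}
    if client_id is not None:
        params["client_id"] = client_id
    else:
        params["object_id"] = object_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests that lack the Metadata header.
    return urllib.request.Request(url, headers={"Metadata": "true"})

def token_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def issued_for(access_token, *, client_id=None, object_id=None):
    """True if the token's appid/oid claim matches the identity asked for."""
    claims = token_claims(access_token)
    if client_id is not None:
        # Assumption: appid holds the identity's client ID.
        return claims.get("appid", "").lower() == client_id.lower()
    # Assumption: oid holds the identity's object (principal) ID.
    return (object_id is not None
            and claims.get("oid", "").lower() == object_id.lower())

def get_token(resource, **identity):
    """Fetch a token on the VM and refuse one issued for another identity."""
    request = build_token_request(resource, **identity)
    # IMDS is link-local, so ignore any proxy configured in the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(request, timeout=5) as response:
        token = json.load(response)["access_token"]
    if not issued_for(token, **identity):
        raise RuntimeError("IMDS returned a token for a different identity")
    return token
```

`get_token` only works from inside the VM or scale set instance; the other three functions run anywhere and can be used to inspect a token you already hold.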
0

Previous answers provide the right pointer.

If you are using Azure SDKs to write your code, then you can use the Azure.Identity library and the DefaultAzureCredential object as described here - https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme#specifying-a-user-assigned-managed-identity-with-the-defaultazurecredential

karavar