
The Azure AD authentication documentation defines a way to get a token using the /common endpoint, as below.

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

I am able to get an access_token (using the /common endpoint), but now I am looking for an API or a way to get a tenant/account-wise token to access the subscription of the respective tenant.

I see Microsoft is doing it for Azure REST API testing. You can hit the "Try It" button, and after login you will have all the Azure AD accounts to which you belong and a tenant-wise token (you can review the /accesstoken endpoint in the browser console).

https://learn.microsoft.com/en-us/rest/api/resources/subscriptions/list#code-try-0

How can I achieve the same as in the screenshot below?


Note: I do not have the user's tenant list, by which I could get a tenant-wise access_token.

PradipB

2 Answers


There's a REST API to get the list of tenants (Azure ADs) a user is part of. You can find details about this API here: https://learn.microsoft.com/en-us/rest/api/resources/tenants/list.

Gaurav Mantri
  • Thanks for the reply. I am aware of it, but what I am looking for is to generate a tenant-wise token to access the subscription of the respective tenant. Note: this whole process needs to be initiated by the AD login flow using the https://login.microsoftonline.com/common/oauth2/authorize endpoint. The main issue I am facing is getting a tenant-wise token after the user has logged in using the https://login.microsoftonline.com/common/oauth2/authorize endpoint. – PradipB Jan 16 '20 at 06:08
  • You can review how Microsoft is doing it for its own portal (review it in the browser console) at this URL: https://learn.microsoft.com/en-us/rest/api/resources/subscriptions/list#code-try-0 . They are calling this endpoint after the user has logged in, which returns them a tenant-wise token. I want to achieve the same: https://token.learn.microsoft.com/accesstokens – PradipB Jan 16 '20 at 06:13

You can get the tenant-wise subscription list by passing the particular tenant ID when getting the access token.

    var accessToken = await tokenAcquisition.GetAccessTokenForUserAsync(
        new[] { $"{ArmApiOperationService.ArmResource}user_impersonation" }, tenantid);

But the MS doc uses another method, a '.TokenAuthCookies' cookie header, when requesting from 'https://token.learn.microsoft.com/accesstokens'. We have generate tokencookie when we sign with open id. Did you find a way for that already?

dglumesh
  • @PradipB I have raised an issue on the official Azure sample GitHub repo here: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/403. If you found any solution for getting that '.TokenAuthCookies' cookie, please mention it here – dglumesh Aug 28 '20 at 04:55
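
The two answers combined at the protocol level, as an added example (not code from either answerer or from Microsoft): read the tenant IDs from a Tenants - List response, send the same authorization-code request to the tenant-specific endpoint instead of /common, and confirm that the returned token's `tid` claim names that tenant. It assumes the v2.0 endpoint from the linked documentation; the client ID, redirect URI, tenant GUIDs and sample response are constructed placeholders.

```python
import base64
import json
import re
from urllib.parse import urlencode

LOGIN = "https://login.microsoftonline.com"
ARM_SCOPE = "https://management.azure.com/user_impersonation"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Constructed sample of a Tenants - List response body (GUIDs are made up).
SAMPLE_TENANTS = {"value": [
    {"id": "/tenants/11111111-1111-1111-1111-111111111111",
     "tenantId": "11111111-1111-1111-1111-111111111111"},
    {"id": "/tenants/22222222-2222-2222-2222-222222222222",
     "tenantId": "22222222-2222-2222-2222-222222222222"},
]}

def tenant_ids(tenants_response):
    """Tenant IDs from a Tenants - List body; anything that is not a GUID is dropped."""
    ids = (str(t.get("tenantId", "")) for t in tenants_response.get("value", []))
    return [i.lower() for i in ids if GUID.fullmatch(i)]

def authorize_url(tenant_id, client_id, redirect_uri, state):
    """The /common authorization-code request, with the tenant ID in the path instead."""
    if not GUID.fullmatch(tenant_id):  # never interpolate unchecked input into the authority
        raise ValueError("tenant ID must be a GUID")
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "scope": ARM_SCOPE, "state": state})
    return f"{LOGIN}/{tenant_id}/oauth2/v2.0/authorize?{query}"

def token_tenant(access_token):
    """Read the 'tid' claim from a JWT payload. No signature check: routing only."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["tid"]

def issued_for(tenant_id, access_token):
    """True only when the token was issued by the tenant it is about to be used for."""
    return token_tenant(access_token).lower() == tenant_id.lower()

if __name__ == "__main__":
    for tid in tenant_ids(SAMPLE_TENANTS):
        # client_id and redirect_uri are placeholders for the app registration's values
        print(authorize_url(tid, "<client-id>", "https://localhost/callback", "s1"))
```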