Feb 08 2024 01:16 AM - last edited on Mar 05 2024 05:26 PM by TechCommunityAP
I need my Python script to authenticate to the Azure DevOps API using the System Assigned Managed Identity of the VM it is running on.
To do that, I use azure.identity to get the managed identity token from the management.azure.com resource URI (I tried different URIs and none seems to work, including the ARM one):
from azure.identity import ManagedIdentityCredential
credential = ManagedIdentityCredential()
token = credential.get_token('https://management.azure.com')
print(token.token)
And then use this token as Bearer token in the Authorization header.
It keeps on failing and returns me an HTML page.
However, when I get the token using PowerShell it works.
Connect-AzAccount -Identity
$token = Get-AzAccessToken
$token.Token
So clearly I don't get the token type Azure DevOps is expecting and I probably generate token against the wrong Resource URI.
I tried different resource URIs though, like ARM, Graph, etc., and I can't get it to work.
Any idea?
Edit:
Finally managed to do it, needed to scope it as Azure DevOps App
def GetMIToken():
    from azure.identity import ManagedIdentityCredential
    credential = ManagedIdentityCredential()
    # Scope is the Azure DevOps application ID plus '/.default'
    token = credential.get_token('499b84ac-1321-427f-aa17-267ca6975798/.default')
    return token.token
Feb 08 2024 07:44 AM
Solution:
import logging

def GetMIToken():
    from azure.identity import ManagedIdentityCredential
    logging.info('Generating System Assigned Managed Identity token')
    credential = ManagedIdentityCredential()
    # Scope is the Azure DevOps application ID plus '/.default'
    token = credential.get_token('499b84ac-1321-427f-aa17-267ca6975798/.default')
    logging.info('Successfully generated token')
    return token.token