Azure Active Directory — Authentication OAuth 2.0 — Type Password

For the last few weeks I have been working on an integration service for a complex system based on Azure.

I was trying to find a way to authenticate against Azure Active Directory, that is, to obtain the access token for the future requests to the system without the Microsoft login popup window that is so common in similar cases, like integrations with Facebook or other services.

Microsoft Azure Active Directory (AD) already has an authentication library (ADAL), but unfortunately nothing for the language I was using at the time, Go. Faced with this situation, I had to find another solution.


OAuth 2.0

I will not explain the whole protocol here (you can check it here), only the authorization grant types.

OAuth 2 has four grant types:

  • Password
  • Client credentials
  • Implicit
  • Authorization Code

With this information, and to solve my problem, I chose the Password grant.

For similar scenarios, where you have trusted first-party or third-party clients, both on the web and in native applications, this grant offers the end user the best experience.

For more information about OAuth2.0 you can read here.


Microsoft Azure Active Directory and OAuth 2

Azure AD supports the following OAuth 2 flows:

  • Authorization Code for web server applications
  • Implicit Grant for native applications
  • Client Credentials for service applications

But the Resource Owner Password Credentials grant type is also supported, since version 1.1 of Azure AD.

This flow is also based on HTTP requests, but without URL redirection; for more information about it you can read here.

So for this specific case, an integration service (e.g. a Windows service) that needs to get information from a trusted target application, this is the best option.


How to use

POST https://login.microsoftonline.com/<TenantId>/oauth2/token
  • Content-Type: application/x-www-form-urlencoded
  • Host: login.microsoftonline.com
  • TenantId: <MY_HOST> (for example “mywebsite.com”)
  • Path: /oauth2/token

Parameters to send in the request body:

  • client_id: The Client Id value from Azure AD
  • resource: The app id value of the application you want an access token for
  • client_secret: The Client Secret value from Azure AD
  • username: The user name of a user account in the Azure AD instance
  • password: The password of that user account

Request result:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "token_type": "Bearer",
  "expires_in": "600",
  "expires_on": "1511533698",
  "not_before": "1511533698",
  "resource": "*resource*",
  "access_token": "*token*",
  "refresh_token": "*token*",
  "scope": "user_impersonation"
}

Finally you have your token to use in your application.
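As an added example (not code from the original post), here is how the request body above can be built and the reply parsed in Go; the endpoint also needs grant_type=password, and the numeric-looking fields in the reply are strings, which is the usual decoding trap. The struct and function names are my own; the ids, secret and credentials used in the test are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// TokenResponse mirrors the JSON reply shown above. The v1 endpoint returns
// expires_in, expires_on and not_before as strings, so they are strings here;
// declaring them as int would make Unmarshal fail on a successful reply.
type TokenResponse struct {
	TokenType    string `json:"token_type"`
	ExpiresIn    string `json:"expires_in"`
	ExpiresOn    string `json:"expires_on"`
	NotBefore    string `json:"not_before"`
	Resource     string `json:"resource"`
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	Scope        string `json:"scope"`
	Error        string `json:"error"`             // only present on failure
	ErrorDesc    string `json:"error_description"` // only present on failure
}

// PasswordGrantBody builds the x-www-form-urlencoded body for a POST to
// https://login.microsoftonline.com/<TenantId>/oauth2/token. The endpoint
// also requires grant_type=password, which the parameter list above omits.
// Never log the returned string: it carries the user password and client secret.
func PasswordGrantBody(clientID, clientSecret, resource, username, password string) string {
	v := url.Values{}
	v.Set("grant_type", "password")
	v.Set("client_id", clientID)
	v.Set("client_secret", clientSecret)
	v.Set("resource", resource)
	v.Set("username", username)
	v.Set("password", password)
	return v.Encode() // url.Values.Encode sorts keys and escapes values
}

// ParseTokenResponse decodes the reply and turns an OAuth error object into a
// Go error, so an empty access_token is never mistaken for success.
func ParseTokenResponse(body []byte) (*TokenResponse, error) {
	var tr TokenResponse
	if err := json.Unmarshal(body, &tr); err != nil {
		return nil, err
	}
	if tr.Error != "" || tr.AccessToken == "" {
		return nil, fmt.Errorf("token request failed: %s: %s", tr.Error, tr.ErrorDesc)
	}
	return &tr, nil
}
```

Send the body with net/http as a POST to the token URL and pass the response bytes to ParseTokenResponse; keep the secret and password out of logs and source control.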

Result access token example

Have you ever had a similar need, or do you have another approach? Please let me know.

I hope this information will be useful for future developments.

Nearsoft Solutions

Business and tech related articles

Written by João Marçal Fernandes, Software Developer @nearsoftsolutio
