RestMessage to Azure Resource Manager using OAuth profile fails

matthuy
Kilo Explorer

Hi,

I'm testing out the OAuth Profile to 3rd party Providers and need to work with the Azure Management APIs. I've set up the OAuth Provider to provide the grant_type=client_credentials and provided my client_id and client_secret. To access the Azure Management APIs, there is a requirement to add 'resource=https://management.core.windows.net/' to the request, but I don't see support for that in the OAuth provider form. Thus when the token comes back from Azure, it contains the wrong permissions and calls into the resource return:

{"error":{"code":"InvalidAuthenticationTokenAudience","message":"The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'."}}

It seems like the OAuth Provider for Client_Credential flow is using the script include 'OAuthConsumerSupport'. If I wanted to support the Azure management token that would return the correct permissions, would I need to create my own script include that adds the correct 'resource' parameter or is there another way of doing this in the OAuth provider of Helsinki?

Thanks!

3 REPLIES

Patrick Schult2
Giga Guru

Did you get this figured out? I'm having this exact same problem.


gobi
Kilo Contributor

Made it work after a long struggle. Let me know whether it works for you.

1. Set Authentication Type -None- in the Http Method post record which I am calling in the rest code.

2. Removed the following line in rest code:

    r.setAuthentication('oauth2', 'myOauthProfileName');

3. Added the following lines in the rest code:

    // Request a token, passing the extra 'resource' parameter as JSON
    var oAuthClient = new sn_auth.GlideOAuthClient();
    var params = {grant_type:"client_credentials",resource:"<<RESOURCE_URL>>"};
    var json = new global.JSON();
    var text = json.encode(params);
    var tokenResponse = oAuthClient.requestToken('<<NAME_OF_THE_REST_MESSAGE_RECORD>>', text);
    var token = tokenResponse.getToken();
    // Send the access token as a bearer Authorization header
    restMessage1.setRequestHeader("Authorization", "Bearer " + token.getAccessToken());
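
The audience mismatch from the original question can be caught before calling Azure Resource Manager. The following is an added example for Node.js, not code from any poster in this thread: it builds the client_credentials form body with the 'resource' parameter and checks a token's `aud` claim against the two audiences listed in the error message. It assumes the access token is a JWT; the function names and the sample tokens are constructed for illustration.

```javascript
// Audiences Azure Resource Manager accepts, copied from the error message in the question.
const ARM_AUDIENCES = ['https://management.core.windows.net/', 'https://management.azure.com/'];

// Form-encoded body for the token request, including the 'resource' parameter.
function buildTokenRequestBody(clientId, clientSecret, resource) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    resource: resource
  }).toString();
}

// Decode the JWT payload to read its claims. This does NOT verify the signature;
// it is a client-side diagnostic only, the resource server does the real validation.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected three dot-separated parts');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns { ok, aud, reason }. The match is exact, trailing slash included.
function checkArmAudience(token) {
  let claims;
  try {
    claims = decodeJwtPayload(token);
  } catch (e) {
    return { ok: false, aud: null, reason: e.message };
  }
  if (typeof claims.aud !== 'string') {
    return { ok: false, aud: null, reason: 'token has no string aud claim' };
  }
  if (!ARM_AUDIENCES.includes(claims.aud)) {
    return { ok: false, aud: claims.aud, reason: 'audience not accepted by Azure Resource Manager' };
  }
  return { ok: true, aud: claims.aud, reason: '' };
}

// Constructed, unsigned sample token carrying only an 'aud' claim (test data, not a real token).
function makeSampleToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none', typ: 'JWT' }) + '.' + enc({ aud: aud }) + '.constructed';
}
```

A token requested without the 'resource' parameter fails this check with the same audience value the error message reports, so the problem shows up in the integration's own log rather than as a 401 from Azure.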


lasse3
Mega Guru

I did a small guide on this that may be helpful in solving this issue.



Azure Automation API Integration using REST and OAuth 2.0



I hope this helps.