0 Votes
Cassie-5160 asked Cassie-5160 edited

About migrating ADAL to MSAL for managed-identity

Managed Identity allows us to get a token with a curl command [1]. It shows it's using ADAL according to [2]. How could we migrate to MSAL? Do you have any examples or references? Thanks!


[1] https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-curl
[2] https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-get-list-of-all-active-directory-auth-library-apps

azure-managed-identity azure-ad-adal-deprecation

0 Votes
MarileeTurscak-MSFT answered

Hi @Cassie-5160,

How to get an access token using MSAL

There are two approaches for getting the access token using MSAL:

1) Get Azure AD tokens by using a web browser and curl

 curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
 https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token \
 -d 'client_id=<client-id>' \
 -d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \
 -d 'code=<authorization-code>' \
 -d 'redirect_uri=<redirect-uri>' \
 -d 'grant_type=authorization_code' \
 -d 'state=<state>'

2) Get Azure AD tokens by using the MSAL Python library


To migrate from ADAL to MSAL, you can follow the guide "Migrate applications to the Microsoft Authentication Library (MSAL)".

Specifically for .NET we have:
https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-migration

The MSAL library also has examples of integrating MSAL app credentials with Managed Identities. https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/key-vault-managed-identity.md

Let me know if this helps.


0 Votes
Cassie-5160 answered

Hey, thanks! Could we get Azure AD tokens by using the MSAL C++ library?


0 Votes
Cassie-5160 answered Cassie-5160 edited

Hey @MarileeTurscak-MSFT,

The current command we are using to receive the token from the metadata only includes constants:
curl --noproxy '*' --connect-timeout 3 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-10-01&resource=https%3A%2F%2Fstorage.azure.com%2F' -H 'Metadata:true'

But the command you sent includes several parameters:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token \
-d 'client_id=<client-id>' \
-d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \
-d 'code=<authorization-code>' \
-d 'redirect_uri=<redirect-uri>' \
-d 'grant_type=authorization_code' \
-d 'state=<state>'

I am not sure. Could you confirm this is what we need to update to?

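The metadata-endpoint curl command quoted in the last post above, written out as an added Python example that is not part of the thread: it builds the same GET request and checks the JSON reply before the token is used. The reply field names (`access_token`, `expires_on`, `token_type`) are assumed from the documented metadata-endpoint response, the sample reply is constructed, and the function names are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

# Constructed sample reply (not a real token); field names are assumed from
# the documented metadata-endpoint token response.
SAMPLE_REPLY = json.dumps({
    "access_token": "constructed.sample.token",
    "expires_on": "1700003600",
    "resource": "https://storage.azure.com/",
    "token_type": "Bearer",
})

def build_imds_request(resource, api_version="2021-10-01"):
    """Build the same GET as the curl command: query string plus Metadata header."""
    query = urllib.parse.urlencode({"api-version": api_version, "resource": resource})
    # Only api-version and resource are sent, as in the curl command.
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})

def parse_token_reply(body, now=None, skew=300):
    """Return (access_token, usable_seconds); raise ValueError without echoing the body."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise ValueError("token reply is not JSON") from None
    if not isinstance(doc, dict) or doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("token reply is missing a bearer access_token")
    now = time.time() if now is None else now
    usable = int(doc.get("expires_on", 0)) - int(now) - skew  # refresh `skew` seconds early
    if usable <= 0:
        raise ValueError("token is expired or inside the refresh window")
    return doc["access_token"], usable

def fetch_token(resource, timeout=3):
    """Network call; only answers on an Azure VM that has a managed identity."""
    # ProxyHandler({}) mirrors curl --noproxy '*': never send this via a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(build_imds_request(resource), timeout=timeout) as resp:
        return parse_token_reply(resp.read())

if __name__ == "__main__":
    print(build_imds_request("https://storage.azure.com/").full_url)
    print(parse_token_reply(SAMPLE_REPLY, now=1700000000)[1], "seconds usable")
```

Cache the returned token for `usable_seconds` rather than requesting a new one per call, and keep the token itself out of logs and error messages.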