I'm building an application and I need to retrieve all management groups in a hierarchical style like the subscription IDs and that resource informations .
I looked up in the SDK for java :(https://github.com/Azure/azure-sdk-for-java)
but can't find anything related with my topic
I went through tones of documentations but still didn't find any significant class that can help
Refer to MSDOC to access the management group list from azure by using azure REST Api call for the list management api.
To access the above api we should have the following details:
Client ID
Client Secret
Tenant ID
With the help of above credentials, we can generate access token to access the api’s in azure.
Below is the API to generate the access token.
https://login.microsoftonline.com/<your-tenant-id>/oauth2/token
Hit the api using postman: *
Use the generated token as header in the below api to access management groups:
https://management.azure.com/providers/Microsoft.Management/managementGroups?api-version=2020-05-01
I have implemented the above scenario using java and spring boot by following the code.
Output:
In my case, I have only one management groups. So, I'm getting one management group as shown below.
Related
I am in the process of developing a Spring Boot application that will expose multiple GET REST APIs to retrieve certain things from the database. The "constraints" that will be used for the selection are located within the JWT's claim.
It was decided that the WSO2 IS will be utilized to create the JWT. This token will then be passed to the REST APIs (through the Authorization header) as it will contain useful information within the claim (e.g. dob, role, etc.).
I tried to find examples on how to integrate the JWT Token created by the WSO2 IS but can't find something that will work for my case. The closest implementation/explanation I found is available here.
More specifically, the backend will have to extract the JWT's claim, get the necessary information, and use it to retrieve DB objects. However, the backend is agnostic from the user information as the user credentials are stored in a different place and managed by the WSO2. (thus cannot use the AuthenticationManagerBuilder)
So my understanding is that the backend should validate the JWT. The question is whether this is feasible as the backend since it does not hold the user information. If yes, are there are any posts that could help me with the implementation? If no, what is the alternative?
I have a mobile app which gets token directly from azure login. And I have a service which is using adal4j in spring boot. I cannot use the mobile generated token to authenticate spring service. Becase I use two different azure app registrations for mobile and web service. Is there a way to accomplish this ?
My understanding is that you have created 2 Enterprise Applications in Azure.
1) An Enterprise Application for your mobile app (Type: Native)
2) An Enterprise Application for your Web API app (Type: WebAPI)
For native app, you will not need a client secret but you will need a client secret for the Web API app.
Now coming to the key configurations:
In both of these, please update the manifest file to have oauth2AllowImplicitFlow set to true
Also, in your Web API Enterprise Application, please have the app id of your native app in the known client apps
"knownClientApplications": ["
Now, when calling your Web API through an end-point from the Native application, pass your token in your request header as "Authorization": "Bearer "
Also note: if you need to retrieve group claims, please update the manifest in both your enterprise apps to have the following setting for this property
"groupMembershipClaims": "SecurityGroup"
Update:
Under permissions in the native app, please add the Web API app registration to allow access
Yes, the OAuth 2.0 on-behalf-of flow should applies to your scenario. These steps constitute the On-Behalf-Of flow.
Azure AD issues a token for certain resource (which is mapped to an Azure AD app). When we call AcquireToken(), we need to provide a resourceID, only ONE resourceID. The result would have a token that can only be used for the supplied resource (id). There are ways where you could use the same token , but it is not recommended as it complicates operations logging, authentication process tracing, etc. Therefore it is better to look at the other options provided by Azure and the ADAL library. The ADAL library supports acquiring multiple access-Tokens for multiple resources using a refresh token. This means once a user is authenticated, the ADAL’s authentication context, would be able to generate an access-token to multiple resources without authenticating the user again.
Further details here.
I'm trying to get shares counts from Google+ using the Google+ API and catch only error:
Access Not Configured. +1 API has not been used in project 383866521277 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/pos.googleapis.com/overview?project=383866521277 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
After that I visit recommended link and catch pos.googleapis.com not found. How to enable this API?
In order to access Google APIs you need to register your application on Google developer console. You have probably already created your credentials. The API key or Oauth2 credentials you created identifies the application to Google. The project that was used to create the API key or Oauth2 credentials you are using must have the Google+ API enabled.
Enable API:
What you have forgotten to do is to tell Google which APis you will be accessing. On the Left hand side look for "Library" find the Google+ api and enable it.
Error pos.googleapis.com
Means that you do not have access to the project 383866521277 or it was deleted. The person who created the project must enable the Google+ api for you. Remember this is denoted by the The API key or Oauth2 credentials you created and are using in your code.
I'm trying to create a service account to use Google API's for gmail. However, I cannot find the client ID to provide domain wide access, as mentioned in https://developers.google.com/identity/protocols/OAuth2ServiceAccount .
There is a Service Account ID , but no client ID. Also, while creating a service account, it gives 2 default accounts - App engine and compute engine and there is no mention in documentation if I should be using that.
It also asks to give a service account name, unlike earlier where it used to generate the Service Account Name. Looks like documentation has not been updated to capture these changes.
Any help is appreciated.
I would like to configure the Google API services programmatically instead of having to go through the API Console. For example, I would like to be able to the following types of things programmatically:
Create OAuth and API Key credentials; this would include generating
the client id\secret, setting the redirect uri, downloading the
client_secrets.json file, etc.
Get the list of projects for a user
Enable\disable services for a specified project
Does Google provide any APIs for configuring services so that I don't have to use the API Console's GUI? All of the documentation I have seen has indicated that the only way to do this is through the API Console’s GUI.
You can use the Cloud Resource Manager API to get the list of projects for a user. Unfortunately, public APIs don't exist for the other things at this time.