Get OAuth2.0 Access Token with Username and Password on Azure
Need to authenticate against Azure APIs using username and password instead of a service principal? Here's a practical guide to the OAuth2 ROPC flow and how to set it up correctly.
Username + Password Authentication via ROPC Flow on Azure
Some Azure APIs – including the Fabric API – require username and password authentication. Here's how to obtain an Azure access token via OAuth2.0 using the ROPC (Resource Owner Password Credentials) flow.
What You Need
- A user of type Member in Azure with a password
- An app registration that represents your application
OAuth2.0 in a Nutshell
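OAuth 2.0 allows applications to access resources on behalf of a user, normally without the application ever handling the user's credentials. Access tokens define and control access rights. The ROPC flow is the exception: the application itself collects the user's username and password and sends them, together with the app's client ID, to the token endpoint to obtain a token.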
The HTTP Request
Endpoint: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
Required parameters:
- client_id – the client ID of the app registration
- username and password – the user's credentials
- scope – e.g. https://fabricapi/.default
- grant_type – must be 'password' (identifies the ROPC flow)
Public Client Flow
If the public client flow is enabled in the app registration's Authentication settings, no client secret is required. If it is disabled, a client secret must be included in the request.
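As an added example (not code from the original guide), the request described under "The HTTP Request" and "Public Client Flow" can be built and sent with the Python standard library. The function names are this example's own; `client_secret`, `error` and `error_description` are the standard OAuth 2.0 parameter and error field names, which the page does not spell out.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def build_ropc_request(tenant_id, client_id, username, password, scope,
                       client_secret=None):
    """Return (url, form-encoded body) for the ROPC token request."""
    form = {
        "grant_type": "password",  # identifies the ROPC flow
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": scope,
    }
    # Only sent when the public client flow is disabled on the app registration.
    if client_secret is not None:
        form["client_secret"] = client_secret
    url = TOKEN_URL.format(tenant_id=urllib.parse.quote(tenant_id, safe=""))
    # urlencode escapes characters such as & + = that are common in passwords.
    return url, urllib.parse.urlencode(form).encode("ascii")


def parse_token_response(raw):
    """Return the access token, or raise with the endpoint's error fields."""
    doc = json.loads(raw)
    if "access_token" not in doc:
        raise RuntimeError(f"{doc.get('error')}: {doc.get('error_description')}")
    return doc["access_token"]


def get_token(**params):
    """POST the request; credentials go in the body, never in the URL."""
    url, body = build_ropc_request(**params)
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:
        # Failed requests return a JSON error document in the response body.
        return parse_token_response(err.read())
```

Call `get_token(tenant_id=..., client_id=..., username=..., password=..., scope=...)` with the password read from a prompt or secret store rather than hard-coded, and keep the request body out of logs.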