Azure Active Directory Workload Identity Federation with external OIDC IdP

As of February 2022, AAD Workload Identity Federation is in “preview” and not all external IdPs and scenarios are supported yet.

Video Walkthrough

Postman Code Snippets

# Step 1: exchange the external IdP's token (sent as client_assertion) for an AAD access token
curl --location --request POST 'https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=CLIENT_ID' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'scope=https://management.azure.com/.default' \
--data-urlencode 'client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik1VWTROakl5TlRFeE9ETkJRMEV3TUVaRU5VWkRRa1pEU...'

# Step 2: call Azure Resource Manager with the access_token returned by step 1
curl --location --request GET 'https://management.azure.com/subscriptions/SUBSCRIPTION_ID/resourceGroups?api-version=2021-04-01' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IjRsYi16bWo0aDE5TzNRYVNuellIMDA0enBWVy1jOTZKSHBjNkJ0Y1EzY2ciLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1yNS1BVWliZkJpaTdOZDFqQmViYXhib1hXMCIsImt...'
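An added Python pre-flight for the exchange above (example code, not from the article): it rebuilds the token request from the same form fields as the curl call and, before sending, checks that the external IdP's assertion carries the issuer, subject and audience (api://AzureADTokenExchange, the default on a federated identity credential) that the app registration's federated credential is configured to match, which is the usual reason an exchange is rejected. The endpoint constant, the sample claims and the unsigned test token are assumptions made for this example.

```python
import base64
import json
import time
import urllib.parse

# Names and values below are assumptions for this added example, not taken from the article.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
EXPECTED_AUDIENCE = "api://AzureADTokenExchange"  # default audience on a federated credential


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(assertion: str) -> dict:
    # Payload only; AAD verifies the signature against the external IdP's JWKS.
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("client_assertion is not a compact JWS (header.payload.signature)")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))


def check_assertion(assertion: str, issuer: str, subject: str, now: int = 0) -> list:
    # Pre-flight: iss/sub/aud must match the app's federated identity credential or AAD rejects it.
    claims = decode_jwt_claims(assertion)
    now = now or int(time.time())
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss mismatch: %r" % claims.get("iss"))
    if claims.get("sub") != subject:
        problems.append("sub mismatch: %r" % claims.get("sub"))
    if EXPECTED_AUDIENCE not in aud:
        problems.append("aud mismatch: %r" % aud)
    if claims.get("exp", 0) <= now:
        problems.append("assertion expired")
    return problems


def build_token_request(tenant_id: str, client_id: str, assertion: str,
                        scope: str = "https://management.azure.com/.default") -> tuple:
    # URL and form body of the client_credentials exchange from the curl snippet above.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_assertion_type": ASSERTION_TYPE, "client_assertion": assertion, "scope": scope})
    return TOKEN_ENDPOINT.format(tenant=tenant_id), body


def sample_assertion(claims: dict) -> str:
    # Constructed, unsigned (alg=none) token for offline testing only.
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return header + "." + _b64url(json.dumps(claims).encode()) + "."
```

A real run POSTs the returned body to the URL with Content-Type application/x-www-form-urlencoded, exactly as the first curl command does.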

Online JWT Token Tools

Going Deeper
