none
Which URL to HTTP Post to get the Azure AD token for Hardware Dashboard API RRS feed

  • Question

  • Based on https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/dashboard-api, I used the following perl script

    my $url = 'https://login.microsoftonline.com';
    my $json = '{"username": "user@certain.com", "password": "passwd"}';

    my $ua = new LWP::UserAgent();
    $response = $ua->post($url, Content => $json);

    the URL in the document: "https://login.microsoftonline.com/<tenant_id>/oauth2/token" no site found
    https://login.microsoftonline.com works, but it doesn't give token back

    Please let me know what exact URL to use
    Friday, August 23, 2019 3:19 PM

All replies

  • The "tenant id" should be your Azure AD domain you use for signing on the Microsoft Hardware Dashboard.  Log onto the Microsoft Hardware Dashboard to see what your Azure AD tenant is, it will be something like:

        <your-company>.onmicrosoft.com

    If Microsoft created a private Azure AD for you instead of using whatever Azure AD your company has, it typically looks more like:

        <your-company>hwdash.onmicrosoft.com

    Once you get that set up you'll need to create an Azure AD application for your script under the "Users" area of your "Developer Settings".  That will give you the credentials to use, so for your $json above you'll have something like:

    { "grant_type": "client_credentials", "client-id": "<GUID>", "client_secret": "<SECRET>", "resource": "https://manage.devcenter.microsoft.com" }

    I think you get the <GUID> and <SECRET> values when you create the Azure AD application for your script.

    Monday, August 26, 2019 6:16 PM
  • are you using out of date site?  https://manage.devcenter.microsoft.com gave the following error

    { "statusCode": 404, "message": "Resource not found" }
    Wednesday, September 4, 2019 1:50 PM
  • No, that should be correct for the REST API, my scripts run nightly and they use that for the "resource".  However I do get the output you describe when typing that into a web browser, but if the REST invocation is otherwise correctly formed it should work in that context.

    You might want to post a trace of the HTTP interactions including the headers/body data (redacting any sensitive info like your client_secret!).  Perhaps that will indicate something else missing in on of the HTTP calls.

    Thursday, September 5, 2019 3:04 PM
  • As an example, this is a trace from a debug run I just did showing both the token request and the response from Microsoft.  I edited out some info (indicated by names of the form <name>):

    INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): login.microsoftonline.com
    send: 'POST /<my-company>hwdash.onmicrosoft.com/oauth2/token HTTP/1.1
    Host: login.microsoftonline.com
    Content-Length: 191
    Accept-Encoding: gzip, deflate
    Accept: */*
    User-Agent: python-requests/2.7.0 CPython/2.7.9 Windows/2012Server
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    
    client_secret=<CLIENT_SECRET>&grant_type=client_credentials&resource=https%3A%2F%2Fmanage.devcenter.microsoft.com&client_id=<CLIENT_ID>'
    
    reply: 'HTTP/1.1 200 OK\r\n'
    header: Cache-Control: no-cache, no-store
    header: Pragma: no-cache
    header: Content-Type: application/json; charset=utf-8
    header: Expires: -1
    header: Strict-Transport-Security: max-age=31536000; includeSubDomains
    header: X-Content-Type-Options: nosniff
    header: x-ms-request-id: c1c58fda-d141-46c3-9794-6b4a2c5eab00
    header: x-ms-ests-server: 2.1.9288.15 - CHI ProdSlices
    header: P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
    header: Set-Cookie: fpc=Ai8zrtoRNopEqsSUPLD0mI5VKLrXAQAAAOcjA9UOAAAA; expires=Sat, 05-Oct-2019 15:42:32 GMT; path=/; secure; HttpOnly
    header: Set-Cookie: x-ms-gateway-slice=prod; path=/; secure; HttpOnly
    header: Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly
    header: Date: Thu, 05 Sep 2019 15:42:32 GMT
    header: Content-Length: 1359
    DEBUG:requests.packages.urllib3.connectionpool:"POST /<my-company>hwdash.onmicrosoft.com/oauth2/token HTTP/1.1" 200 1359
    URL: https://login.microsoftonline.com/<my-company>hwdash.onmicrosoft.com/oauth2/token
    Status code: 200
    Encoding: utf-8
    
    {   
        "access_token":"<REDACTED>",
        "expires_in":"3600",
        "expires_on":"1567701752",
        "ext_expires_in":"3600",
        "not_before":"1567697852",
        "resource":"https://manage.devcenter.microsoft.com",
        "token_type":"Bearer"
    }                                                  

    Thursday, September 5, 2019 4:23 PM