Client Credentials Defined Example OAuth 2.0

Use the OAuth 2.0 client credentials grant flow to enable a web service to use its own credentials (a client ID and client secret, not a user's) to authenticate a call to another web service.

To define client credentials:

  1. Submit an HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token, where tenant_id is the directory (tenant) ID GUID in the format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

    Note: The tenant alias "common" is not supported for the client credentials grant on the v2.0 oauth2 endpoint, so the tenant_id must be given explicitly in the URL. The request takes the parameters listed below.

    The body of the request is form-encoded (Content-Type: application/x-www-form-urlencoded) and contains:

    Parameter Name    Value
    grant_type        client_credentials
    client_id         xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (the application (client) ID of the registered app)
    scope             <registered client_id>/.default openid
    client_secret     <registered client_secret>

    The response body is a JSON token response containing the access token; it is referred to below as {{AzureBearerBody}}. Treat it as a credential (do not log it), and use it together with the session ID and X-CSRF-TOKEN obtained in step 2.

  2. Submit an HTTPS GET request to obtain a session ID and a CSRF token.

    Send a GET request to: http://hostname:port/insight/api/v2/token (use https for the Insight host in production; the session ID and CSRF token returned here are credentials and must not cross the network in the clear).

    The body of the JSON response includes the current session ID as xAuthToken:

    { "token": { "xAuthToken": "44B1E9C995C654E38DDD82BF708784D1" } }

    The response headers contain the following values:

    Parameter Name    Value
    X-CSRF-HEADER     X-CSRF-TOKEN (the name of the request header in which the token must be sent back)
    X-CSRF-PARAM      _csrf (the name of the request parameter that can carry the token instead of the header)
    X-CSRF-TOKEN      40d67d97-fb28-4a78-a111-5bae0ee706bb (example value)
  3. Use that token and login information to authenticate.
  4. Send a login POST request to complete authentication within the same session (send the JSESSIONID cookie):

    Parameter              Value
    URI                    http://hostname:port/insight/api/v2/login
    Request header values:
    Content-Type           application/json
    X-CSRF-TOKEN           40d67d97-fb28-4a78-a111-5bae0ee706bb (the X-CSRF-TOKEN response header from the step 2 request to http://hostname:port/insight/api/v2/token)
    Cookie                 JSESSIONID=44B1E9C995C654E38DDD82BF708784D1 (the xAuthToken value from the step 2 response body)
    Request body (raw)     {{AzureBearerBody}}: the token response obtained from Azure in step 1

    After a successful login the application creates a new session and issues a new CSRF token; all subsequent API calls must use these post-login values, not the ones obtained in step 2. Expect the new session ID in the Set-Cookie header (JSESSIONID) and the new token in the response headers:

    Parameter Name    Value
    X-CSRF-HEADER     X-CSRF-TOKEN
    X-CSRF-PARAM      _csrf
    X-CSRF-TOKEN      40d67d97-fb28-4a78-a111-5bae0ee706bb (example value; the real value is newly generated at login and differs from the pre-login token)
  5. Make an API call with your new token.

All subsequent REST API POST requests (read/create/create-or-update/delete for a specific entity) are sent through the "/api/v2" URI (example: http://hostname:port/insight/api/v2/event/46098/delete) with the following attributes:

Parameter              Value
Request header values:
Content-Type           application/json
X-CSRF-TOKEN           40d67d97-fb28-4a78-a111-5bae0ee706bb (the X-CSRF-TOKEN header returned by the login response in step 4)
Cookie                 JSESSIONID=44B1E9C995C654E38DDD82BF708784D1 (the ID of the new session created at login in step 4, not the pre-login value from step 2)
Request body           JSON object for the specific entity.

Instead of the X-CSRF-TOKEN header, you can pass the token in the "_csrf" request parameter (the parameter name is given by the X-CSRF-PARAM response header). Either way, every request must carry both the session cookie and the CSRF token that was issued to that session: the token is what distinguishes a request made by your client from one a browser could be tricked into sending with the same cookie.
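The five steps above as one runnable Python client, added here as a worked example; it is not the product's SDK and not code from the original page. It assumes what the steps describe: the Azure token response is JSON with an access_token; /insight/api/v2/token returns {"token": {"xAuthToken": ...}} plus an X-CSRF-TOKEN header; /login rotates the session and returns the new JSESSIONID in Set-Cookie plus a new X-CSRF-TOKEN header. The host insight.example, the tenant and client GUIDs, the secret s3cr3t and the FakeInsight class are constructed stand-ins so the whole exchange runs offline; a real deployment passes a urllib- or requests-based callable with the same (method, url, headers, body) -> (status, lower-cased headers, body) signature.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode


class InsightClient:
    # Steps 1-5 of the page. `send(method, url, headers, body)` returns (status, lower-cased
    # response headers, body); FakeInsight.send below lets the flow run with no network.
    def __init__(self, base, tenant_id, client_id, client_secret, scope, send):
        if not base.startswith("https://"):  # the page shows http://; never send a session in clear
            raise ValueError("Insight base URL must be https")
        self.base, self.tenant_id, self.send = base.rstrip("/"), tenant_id, send
        self.client_id, self.client_secret, self.scope = client_id, client_secret, scope
        self.session_id = self.csrf_token = None  # JSESSIONID and X-CSRF-TOKEN values

    def fetch_azure_token(self):
        # Step 1: client_credentials grant; the JSON response is the page's {{AzureBearerBody}}.
        url = f"https://login.microsoftonline.com/{self.tenant_id}/oauth2/v2.0/token"
        form = urlencode({"grant_type": "client_credentials", "client_id": self.client_id,
                          "client_secret": self.client_secret, "scope": self.scope}).encode()
        status, _, body = self.send("POST", url, {"Content-Type": "application/x-www-form-urlencoded"}, form)
        tok = json.loads(body)
        if status != 200 or "access_token" not in tok:
            raise RuntimeError(f"grant refused: {tok.get('error', status)}")
        return tok

    def fetch_session(self):
        # Step 2: anonymous session id (assumed at token.xAuthToken) plus the CSRF header.
        status, hdrs, body = self.send("GET", f"{self.base}/insight/api/v2/token", {}, None)
        if status != 200:
            raise RuntimeError(f"/token failed: HTTP {status}")
        self.session_id = json.loads(body)["token"]["xAuthToken"]
        self.csrf_token = hdrs["x-csrf-token"]

    def _headers(self):
        return {"Content-Type": "application/json", "X-CSRF-TOKEN": self.csrf_token,
                "Cookie": f"JSESSIONID={self.session_id}"}

    def login(self, azure_body):
        # Step 4: POST the step-1 token response, then adopt the NEW session id (Set-Cookie)
        # and NEW CSRF token the server issues at login; the pre-login pair is not reused.
        status, hdrs, _ = self.send("POST", f"{self.base}/insight/api/v2/login",
                                    self._headers(), json.dumps(azure_body).encode())
        if status != 200:
            raise RuntimeError(f"login rejected: HTTP {status}")
        self.session_id = SimpleCookie(hdrs["set-cookie"])["JSESSIONID"].value
        self.csrf_token = hdrs["x-csrf-token"]

    def call(self, path, payload):
        # Step 5: any /insight/api/v2 POST, sent with the post-login session and CSRF token.
        status, _, body = self.send("POST", f"{self.base}/insight/api/v2/{path.lstrip('/')}",
                                    self._headers(), json.dumps(payload).encode())
        if status != 200:
            raise RuntimeError(f"{path} failed: HTTP {status}")
        return json.loads(body)


class FakeInsight:
    # Constructed stand-in for Azure AD and the Insight server (not the real product). It binds
    # the CSRF token to the session and, at login, replaces both with fresh values.
    ANON = ("44B1E9C995C654E38DDD82BF708784D1", "40d67d97-fb28-4a78-a111-5bae0ee706bb")
    AUTH = ("9F1C2A7D3B4E5F60718293A4B5C6D7E8", "7e8d2c61-0a4f-4b35-9c2d-1f6a8b3e5d90")

    def __init__(self):
        self.live = {}  # session id -> (csrf token, logged_in)

    def send(self, method, url, headers, body):
        if url.startswith("https://login.microsoftonline.com/"):
            form = parse_qs(body.decode())
            if form.get("grant_type") != ["client_credentials"] or form.get("client_secret") != ["s3cr3t"]:
                return 401, {}, b'{"error": "invalid_client"}'
            return 200, {}, b'{"token_type": "Bearer", "access_token": "eyJ.fake.jwt"}'
        path = url.split("/insight/api/v2/", 1)[1]
        if path == "token":
            self.live[self.ANON[0]] = (self.ANON[1], False)
            return 200, {"x-csrf-token": self.ANON[1]}, json.dumps({"token": {"xAuthToken": self.ANON[0]}}).encode()
        morsel = SimpleCookie(headers.get("Cookie", "")).get("JSESSIONID")
        rec = self.live.get(morsel.value) if morsel else None
        if rec is None or headers.get("X-CSRF-TOKEN") != rec[0]:
            return 403, {}, b"{}"  # unknown session, or CSRF token not bound to it
        if path == "login":
            if "access_token" not in json.loads(body):
                return 401, {}, b"{}"
            del self.live[morsel.value]  # rotation: the anonymous session dies here
            self.live[self.AUTH[0]] = (self.AUTH[1], True)
            return 200, {"set-cookie": f"JSESSIONID={self.AUTH[0]}; Path=/; HttpOnly",
                         "x-csrf-token": self.AUTH[1]}, b"{}"
        if not rec[1]:
            return 401, {}, b"{}"  # session exists but never logged in
        return 200, {}, json.dumps({"status": "ok", "path": path}).encode()


def demo():
    # Runs steps 1-5 offline against FakeInsight; returns (client, fake, step-5 result).
    fake = FakeInsight()
    client = InsightClient("https://insight.example", "11111111-2222-3333-4444-555555555555",
                           "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "s3cr3t",  # load the real secret from a vault
                           "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/.default", send=fake.send)
    azure = client.fetch_azure_token()  # step 1
    client.fetch_session()              # step 2
    client.login(azure)                 # steps 3-4
    return client, fake, client.call("event/46098/delete", {})  # step 5
```

After demo() the client holds the post-login session ID and CSRF token, and replaying the step 2 pair (or the right cookie with the wrong token) against FakeInsight.send returns 403, which is the reason the step 5 table must use the values returned by the login response rather than those from the /token request.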