ACS administration - nordvall/TokenClient GitHub Wiki
Obtain management credentials
You need so-called management credentials if you want to programmatically:
- Register Clients
- Register Resource Servers (relying parties)
- Register Delegations (see Authorization code grant)
The management credentials are created in the management portal. You can then use the OAuth 2 Client credentials grant or the OAuth Wrap Client account and password grant to obtain an access token. Use https://xxx.accesscontrol.windows.net/v2/mgmt/service as the scope when requesting the access token.
Register a Client
OAuth Clients are called ServiceIdentities in ACS. They can be registered manually in the management portal, except for the redirect URL, which is mandatory in the authorization code grant.
Create ServiceIdentity
Request:
POST /v2/mgmt/service/ServiceIdentities HTTP/1.1
Authorization: Bearer *token*
Host: xxx.accesscontrol.windows.net
Content-Type: application/json
Accept: application/json
Content-Length: 60

{ Name: "TestClient1", RedirectAddress: "http://abc.com" }
Response:
HTTP/1.1 201 Created
Location: https://xxx.accesscontrol.windows.net/v2/mgmt/service/ServiceIdentities(20629713L)

{ the object }
Create ServiceIdentityKey
Request:
POST /v2/mgmt/service/ServiceIdentityKeys HTTP/1.1
Authorization: Bearer *token*
Host: xxx.accesscontrol.windows.net
Content-Type: application/json
Accept: application/json
Content-Length: 93

{ ServiceIdentityId: "20629713", Type: "Password", Usage: "Password", Value: "QXBhbjExNCE=" }
The value is a base64-encoded password.
Response:
HTTP/1.1 201 Created
Location: https://xxx.accesscontrol.windows.net/v2/mgmt/service/ServiceIdentityKeys(20855201L)

{ the object }
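The two calls above chain together: the id in the first response's Location header becomes ServiceIdentityId in the key request. The Python below is an added example, not code from TokenClient; it builds the key request from that Location value with a randomly generated password. The function names, the 32-byte secret length and the use of standard JSON with quoted keys are assumptions.

```python
import base64
import json
import re
import secrets

HOST = "xxx.accesscontrol.windows.net"  # namespace placeholder, as on the page


def identity_id_from_location(location: str) -> str:
    """Extract the numeric id from a Location header such as
    .../ServiceIdentities(20629713L); the trailing 'L' is not part of the id."""
    m = re.search(r"/ServiceIdentities\((\d+)L?\)$", location.strip())
    if m is None:
        raise ValueError("unexpected Location header: %r" % location)
    return m.group(1)


def new_password(nbytes: int = 32) -> str:
    """Random client secret from the OS CSPRNG (length is an assumption)."""
    return secrets.token_urlsafe(nbytes)


def build_post(path: str, token: str, payload: dict) -> bytes:
    """Serialize a management-service POST whose Content-Length matches
    the encoded body. Emits standard JSON with quoted keys."""
    if "\r" in token or "\n" in token:
        raise ValueError("token must not contain line breaks")
    body = json.dumps(payload).encode("utf-8")
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Authorization: Bearer {token}\r\n"
        f"Host: {HOST}\r\n"
        "Content-Type: application/json\r\n"
        "Accept: application/json\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("ascii") + body


def key_request(token: str, location: str, password: str) -> bytes:
    """Build the ServiceIdentityKeys request for the identity just created."""
    payload = {
        "ServiceIdentityId": identity_id_from_location(location),
        "Type": "Password",
        "Usage": "Password",
        # base64 is an encoding, not encryption: treat Value as the secret.
        "Value": base64.b64encode(password.encode("utf-8")).decode("ascii"),
    }
    return build_post("/v2/mgmt/service/ServiceIdentityKeys", token, payload)
```

Because Value is only encoded, the request body and any log that captures it expose the client password to anyone who can read them.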