ACS administration - nordvall/TokenClient GitHub Wiki

Obtain management credentials

You need so-called management credentials if you want to do any of the following programmatically:

  • Register Clients
  • Register Resource Servers (relying parties)
  • Register Delegations (see Authorization code grant)

The management credentials are created in the management portal. You can then use the OAuth 2 client credentials grant or the OAuth WRAP client account and password grant to obtain an access token. Use https://xxx.accesscontrol.windows.net/v2/mgmt/service as the scope when requesting the access token.

Register a Client

OAuth clients are called ServiceIdentities in ACS. They can be registered manually in the management portal, except for the redirect URL, which cannot be set there but is mandatory for the authorization code grant.

Create ServiceIdentity

Request:

POST /v2/mgmt/service/ServiceIdentities HTTP/1.1
Authorization: Bearer *token*
Host: xxx.accesscontrol.windows.net
Content-Type: application/json
Accept: application/json
Content-Length: 62

{ "Name": "TestClient1", "RedirectAddress": "http://abc.com" }

Response:

HTTP/1.1 201 Created
Location: https://xxx.accesscontrol.windows.net/v2/mgmt/service/ServiceIdentities(20629713L)

{ the object }

Create ServiceIdentityKey

Request:

POST /v2/mgmt/service/ServiceIdentityKeys HTTP/1.1
Authorization: Bearer *token*
Host: xxx.accesscontrol.windows.net
Content-Type: application/json
Accept: application/json
Content-Length: 101

{ "ServiceIdentityId": "20629713", "Type": "Password", "Usage": "Password", "Value": "QXBhbjExNCE=" }

The Value field is the base64-encoded password; ServiceIdentityId is the numeric id from the Location header of the ServiceIdentity response, sent as a string.

Response:

HTTP/1.1 201 Created
Location: https://xxx.accesscontrol.windows.net/v2/mgmt/service/ServiceIdentityKeys(20855201L)

{ the object }
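The two registration steps above (create the ServiceIdentity, take the id from its Location header, then attach a password key) as one added example. This is hypothetical helper code, not part of the TokenClient project or the ACS API; the HTTP transport is injected as a `send` callable so the flow can be exercised offline, and `xxx.accesscontrol.windows.net` is the placeholder namespace from the page.

```python
import base64
import json
import re

# Placeholder namespace from the page; substitute your own ACS namespace.
MGMT_HOST = "xxx.accesscontrol.windows.net"
MGMT_PATH = "/v2/mgmt/service"

# ACS answers 201 Created with the new entity's OData key in Location, e.g.
# .../ServiceIdentities(20629713L); the trailing L is the Int64 literal suffix.
_LOCATION_RE = re.compile(r"/(ServiceIdentities|ServiceIdentityKeys)\((\d+)L?\)$")

def id_from_location(location):
    """Extract the numeric entity id from a 201 Created Location header."""
    m = _LOCATION_RE.search(location)
    if not m:
        raise ValueError("unexpected Location header: %r" % location)
    return int(m.group(2))

def service_identity_body(name, redirect_address):
    return {"Name": name, "RedirectAddress": redirect_address}

def service_identity_key_body(service_identity_id, password):
    """Password keys carry the secret base64-encoded; the id is sent as a string."""
    value = base64.b64encode(password.encode("utf-8")).decode("ascii")
    return {"ServiceIdentityId": str(service_identity_id),
            "Type": "Password", "Usage": "Password", "Value": value}

def post_entity(send, token, entity_set, body):
    """send(method, url, headers, body) -> (status, headers). Returns the new id."""
    raw = json.dumps(body).encode("utf-8")  # valid JSON: keys are quoted
    headers = {"Authorization": "Bearer " + token,
               "Host": MGMT_HOST,
               "Content-Type": "application/json",
               "Accept": "application/json",
               "Content-Length": str(len(raw))}  # byte length of the body
    url = "https://%s%s/%s" % (MGMT_HOST, MGMT_PATH, entity_set)
    status, resp_headers = send("POST", url, headers, raw)
    if status != 201:
        raise RuntimeError("ACS returned %d creating %s" % (status, entity_set))
    return id_from_location(resp_headers["Location"])

def register_client(send, token, name, redirect_address, password):
    """Create the ServiceIdentity, then attach a password key to it."""
    identity_id = post_entity(send, token, "ServiceIdentities",
                              service_identity_body(name, redirect_address))
    key_id = post_entity(send, token, "ServiceIdentityKeys",
                         service_identity_key_body(identity_id, password))
    return identity_id, key_id
```

A real `send` would wrap `http.client` or `requests` and pass the management token obtained with the mgmt/service scope; the ids and Location format in the sample responses above are what the parser expects.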