Creating a Custom OAuth App
Authenticating with an Azure Service Principal requires a custom OAuth app and a service principal that can access the necessary resources.
Follow the steps below to create a custom OAuth app and obtain the connection properties for the Azure Service Principal authentication.
Steps to Create a Custom OAuth App
Follow the steps below to obtain the OAuth values for your app.
- Log in to https://portal.azure.com.
- In the left-hand navigation pane, select Azure Active Directory, then App Registrations, and click the New registration button.
- Enter an app name and select the radio button for "Any Azure AD Directory - Multi Tenant". Then set the redirect URL to something such as http://localhost:33333, the cmdlet's default.
- After creating the app, copy the Application (client) ID value displayed in the Overview section. This value is used as the OAuthClientId.
- Define the app authentication type by going to the Certificates & Secrets section. There are two types of authentication available: using a client secret and using a certificate.
The recommended authentication method is via a certificate, but you can also create an application secret.
- Option 1 - Upload a certificate: In the Certificates & Secrets section, select Upload certificate and select the certificate to upload from your local machine.
- Option 2 - Create a new application secret: In the Certificates & Secrets section, select New Client Secret for the app and select its duration. After saving the client secret, the key value is displayed. Copy this value, because it is displayed only once. It is used as the OAuthClientSecret.
- In the Authentication tab, make sure to check the option: Access tokens (used for implicit flows).
- Open the Subscriptions page by searching for and selecting the Subscriptions service in the search bar.
- Select the particular subscription to assign the application to, then open the Access control (IAM) section, and click the Add role assignment button.
- Select Owner as the role to assign to your created OAuth app.
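
The same steps can be scripted with Azure CLI. This is an added example, not part of the original documentation or the product's own tooling; it follows the steps above with Option 1 (certificate) and ends with a listing of the app's role assignments so the grant can be reviewed. The function names, the `DRY_RUN` switch, the placeholder app ID and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example: the portal steps above, scripted with Azure CLI.
# DRY_RUN=1 (default) prints each az command; set DRY_RUN=0 after `az login` to run them.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# App registration: multi-tenant audience, redirect URL and the
# "Access tokens" option from the Authentication tab.
create_app() {
  run az ad app create --display-name "$1" \
    --sign-in-audience AzureADMultipleOrgs \
    --web-redirect-uris http://localhost:33333 \
    --enable-access-token-issuance true \
    --query appId -o tsv
}

# register_oauth_app APP_NAME SUBSCRIPTION_ID CERT_PEM
# CERT_PEM: path to the public certificate for Option 1 (hypothetical path).
register_oauth_app() {
  name="$1"; sub="$2"; cert="$3"
  if [ "$DRY_RUN" = "1" ]; then
    create_app "$name"
    app_id="APP_ID_PLACEHOLDER"   # the real Application (client) ID comes from az
  else
    app_id=$(create_app "$name") || return 1
  fi
  # Service principal for the app; the role is assigned to it.
  run az ad sp create --id "$app_id" || return 1
  # Option 1: attach the certificate, keeping any existing credentials.
  run az ad app credential reset --id "$app_id" --cert "@$cert" --append || return 1
  # Access control (IAM): Owner on the chosen subscription, as in the last step.
  run az role assignment create --assignee "$app_id" --role Owner \
    --scope "/subscriptions/$sub" || return 1
  # Check: list every role the app now holds.
  run az role assignment list --assignee "$app_id" --all -o table || return 1
  echo "OAuthClientId=$app_id"
}

if [ "$#" -eq 3 ]; then register_oauth_app "$@"; fi
```

Run it with no arguments changed and `DRY_RUN` unset to preview the commands before executing them against a tenant.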