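# Create Private and Public Key

Upload the `public.crt` file to the application in Azure under Enterprise Apps->Certificates & Secrets

Only the public certificate is uploaded. `private.key` is the application's credential: keep it out of source control and readable only by the account that runs the code. The certificate below is valid for 30 days, so plan to rotate it before it expires.

```shell
# Key size given explicitly so the result does not depend on the OpenSSL version's default
openssl genrsa -out private.key 2048
# Restrict the private key to the owning user
chmod 600 private.key
openssl req -key private.key -new -x509 -days 30 -out public.crt
```

# Generate the Fingerprint for use in Python Code

The thumbprint MSAL expects here is the SHA-1 fingerprint of the certificate as a hex string without colons. It should match the thumbprint Azure shows for the uploaded certificate.

```shell
openssl x509 -in public.crt -noout -fingerprint -sha1 | sed 's/\(^[^=]*=\|:\)//g'
```

# Use MSAL to Authenticate the App in Python

## Splat

```python
from msal import ConfidentialClientApplication
from pathlib import Path
import requests

private_key_file = Path(r'/path/to/private.key')
tenant_id = "[azure_tenant_id]"
client_id = "[azure_application_id]"
thumbprint = "[GENERATE_FROM_PRIOR_STEP]"

# Read the PEM private key; this file is the app's credential, never log its contents
with open(private_key_file) as f:
    private_key = f.read()

auth_data = {
    "client_credential": {
        "private_key": private_key,
        "thumbprint": thumbprint,
    },
    "client_id": client_id,
    # f-string so the tenant id is actually substituted into the authority URL
    "authority": f"https://login.microsoftonline.com/{tenant_id}"
}

scope = "[scope]"
# Azure Management REST API
# scope = "https://management.azure.com/.default"
# Microsoft Graph API
# scope = "https://graph.microsoft.com/.default"
# Microsoft Security Center
# scope = "https://api.securitycenter.microsoft.com/.default"

client_app = ConfidentialClientApplication(**auth_data)
# MSAL takes scopes as a list, tuple, or set, not a bare string
acquired_token = client_app.acquire_token_for_client([scope])

# On failure MSAL returns a dict with "error"/"error_description" instead of a token
if "access_token" not in acquired_token:
    raise RuntimeError(
        f"Token request failed: {acquired_token.get('error')}: "
        f"{acquired_token.get('error_description')}"
    )

# The bearer token grants the app's permissions until it expires; do not print or log it
auth_headers = {'Authorization': 'Bearer ' + acquired_token['access_token']}
```

## Without Splat

```python
from msal import ConfidentialClientApplication
from pathlib import Path

private_key_file = Path(r'/path/to/private.key')
tenant_id = "[azure_tenant_id]"
client_id = "[azure_application_id]"
thumbprint = "[GENERATE_FROM_PRIOR_STEP]"

# Read the PEM private key; this file is the app's credential, never log its contents
with open(private_key_file) as f:
    private_key = f.read()

key_data = {
    "private_key": private_key,
    "thumbprint": thumbprint
}
authority = f"https://login.microsoftonline.com/{tenant_id}"

client_app = ConfidentialClientApplication(client_credential=key_data,
                                           client_id=client_id,
                                           authority=authority)

scope = "[scope]"
# Azure Management REST API
# scope = "https://management.azure.com/.default"
# Microsoft Graph API
# scope = "https://graph.microsoft.com/.default"
# Microsoft Security Center
# scope = "https://api.securitycenter.microsoft.com/.default"

# MSAL takes scopes as a list, tuple, or set, not a bare string
acquired_token = client_app.acquire_token_for_client([scope])

# On failure MSAL returns a dict with "error"/"error_description" instead of a token
if "access_token" not in acquired_token:
    raise RuntimeError(
        f"Token request failed: {acquired_token.get('error')}: "
        f"{acquired_token.get('error_description')}"
    )

# The bearer token grants the app's permissions until it expires; do not print or log it
auth_headers = {'Authorization': 'Bearer ' + acquired_token['access_token']}
```

# Example Use

## Azure Management REST API

```python
import requests

sub_id = "[sub_id]"
peering_res = requests.get(
    f"https://management.azure.com/subscriptions/{sub_id}/providers/Microsoft.Peering/peerings?api-version=2021-01-01",
    headers=auth_headers,
    timeout=30,  # requests has no default timeout; without one a stalled call hangs forever
)
# Surface 401/403 (expired token, missing role assignment) instead of parsing an error body
peering_res.raise_for_status()
print(peering_res.json())
```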