Azure GLAB/Pre-ship environments - change in authentication process
Background
Due to recent security changes in the Azure tenant, one must have a personal access token to access the OSDU environments and test the services and workflows.
Prerequisites
The person who wants to access the environment (Azure GLAB / Azure Pre-ship) should be invited to the Azure tenant. After accepting the invitation, one should complete the onboarding process, which includes setting up the authenticator application/MFA.
The person should have the tenant_id, client_id and client_secret handy for the environment for which he/she/they are generating the access token.
How to request
Approach the Azure team in Slack or comment on this issue.
Procedure to create a personal access token (access_token)
Have the tenant_id, client_id and client_secret handy for the specific environment (Azure GLAB / Azure Pre-ship) for which the access token is being generated.
If access is required for both the GLAB and Pre-ship environments, this process should be followed separately for each, with the corresponding client_id and client_secret.
Step 1.1: Prepare the below URL, replacing the parameters <tenant_id> and <client_id> with the actual values of the targeted environment.
Step 1.2: After you replace the parameters, paste the URL into the address bar of any browser (incognito window/private tab) and press Enter.
Step 1.3: Sign in to your Azure portal with your organisation email id and its corresponding password.
Step 2.1: The browser now authenticates the user, and you might see the "Hmmm...can't reach this page" error message in the browser. You can ignore it.
The browser redirects to http://localhost:8080/?code={authorization code}&state=... upon successful authentication.
Step 2.2: Copy the response from the URL bar of the browser and take the text between code= and &state. This value is the code.
ex: http://localhost:8080/?code=0.BRoAv4j5cvGGr0...au78f&state=12345&session....
Save the code as a Postman environment variable named code, which will be used in the next step.
Step 2.3: Replace <tenant_id>, <code> (the code from step 2.2), <client_id> and <client_secret> in the following curl request, then send the request using Postman.
In Postman, click on new request.
Paste the following curl request in the URL section of the new request:
curl --location --request POST 'https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type="authorization_code" \
  --data redirect_uri=http://localhost:8080 \
  --data client_id="<client_id>" \
  --data client_secret="<client_secret>" \
  --data scope="<client_id>/.default openid profile offline_access" \
  --data code={{code}}
Step 2.4: Save the access_token and refresh_token in your local Postman environment.
Step 3.1: Test a couple of OSDU services with this access_token to make sure you can access the OSDU environment with the newly generated token.
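Steps 2.2 and 2.3 done programmatically, as an added example that is not part of the original page or of any OSDU project code: it pulls the code out of the redirect URL and builds the token request form with every field URL-encoded, without sending anything. The function names, the expected_state argument and the sample redirect URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed sample of the address-bar value after sign-in (not a real code).
SAMPLE_REDIRECT = ("http://localhost:8080/?code=0.CONSTRUCTED_code-value"
                   "&state=12345&session_state=constructed")


def extract_code(redirect_url, expected_state):
    """Return the authorization code from the redirect URL (Step 2.2)."""
    parts = urlsplit(redirect_url.strip())
    if parts.netloc != "localhost:8080":
        raise ValueError("not the expected redirect_uri: " + parts.netloc)
    # parse_qs percent-decodes values, which a manual copy from the URL bar does not.
    params = parse_qs(parts.query)
    if "error" in params:
        # A failed sign-in returns error/error_description instead of a code.
        detail = params.get("error_description", [""])[0]
        raise ValueError("sign-in failed: %s %s" % (params["error"][0], detail))
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch; this redirect is not from your request")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("no single code parameter in the redirect URL")
    return codes[0]


def build_token_request(tenant_id, client_id, client_secret, code):
    """Return (url, form_body) equivalent to the Step 2.3 curl request."""
    url = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % tenant_id
    form = {
        "grant_type": "authorization_code",
        "redirect_uri": "http://localhost:8080",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": client_id + "/.default openid profile offline_access",
        "code": code,
    }
    # urlencode escapes spaces and reserved characters in every field.
    return url, urlencode(form)


if __name__ == "__main__":
    code = extract_code(SAMPLE_REDIRECT, expected_state="12345")
    url, body = build_token_request("<tenant_id>", "<client_id>",
                                    "<client_secret>", code)
    print(url)
    print(sorted(parse_qs(body)))  # field names only, so no secret is printed
```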
Common issues one can face during this process
Not replacing the placeholders (<tenant_id>, <code>, <client_id> and <client_secret>) with correct values in the URL/curl request.
Resolution: Double-check the URL and the curl request and make sure the placeholders are replaced with the correct values.
The <code> generated during step 2.2 will expire after 1 hour. Follow the process again from Step 1.1 if the <code> expires.
It is recommended to use Postman for step 2.3 rather than Git Bash, Windows cmd, etc.
The error "Hmmm...can't reach this page/ Can't found the URL" is expected in the browser at step 2.1.