Azure Instance Metadata Service (IMDS).
Intro
Documentation
Tips and Tidbits
Azure resources that support managed identities expose an internal IMDS endpoint that the client can use to request an access token:
http://169.254.169.254/metadata/identity/oauth2/token
The managed identities for Azure resources endpoint for the Instance Metadata Service.
How to leverage a Service Fabric application's managed identity to access Azure services
https://localhost:2377/metadata/identity/oauth2/token
The managed identity endpoint for Service Fabric applications, provided via the IDENTITY_ENDPOINT environment variable.
Programming
Get a token using C# (other language examples too)
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Web.Script.Serialization;

// Build request to acquire managed identities for Azure resources token
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/");
request.Headers["Metadata"] = "true";
request.Method = "GET";
try
{
    // Call /token endpoint
    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    // Pipe response Stream to a StreamReader, and extract access token
    StreamReader streamResponse = new StreamReader(response.GetResponseStream());
    string stringResponse = streamResponse.ReadToEnd();
    JavaScriptSerializer j = new JavaScriptSerializer();
    Dictionary<string, string> list = (Dictionary<string, string>) j.Deserialize(stringResponse, typeof(Dictionary<string, string>));
    string accessToken = list["access_token"];
}
catch (Exception e)
{
    // Report the failure; never write the token or the raw response body to logs
    Console.Error.WriteLine("Acquire token failed: " + e.Message);
}
GET 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' HTTP/1.1
Metadata: true
JsonConvert.DeserializeObject<Dictionary<string,string>>(payload);
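The same token request in Python, as an added example that is not from the original page: it builds the request shown above, fails closed on error or near-expired responses, and logs a fingerprint instead of the bearer token. The function names, the `error` and `expires_on` response fields as handled here, the 300-second minimum lifetime, and the sample response are assumptions of this example.

```python
import hashlib
import json
import time
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def build_token_request(resource, endpoint=IMDS_TOKEN_URL):
    """Build the GET request for a managed-identity token for `resource`."""
    query = urllib.parse.urlencode({"api-version": API_VERSION, "resource": resource})
    req = urllib.request.Request(endpoint + "?" + query, method="GET")
    req.add_header("Metadata", "true")  # required header, as in the C# sample
    return req


def parse_token_response(payload, now=None, min_lifetime=300):
    """Return (access_token, expires_on); fail closed on error or stale bodies."""
    doc = json.loads(payload)
    if "error" in doc:  # assumption: failures carry an "error" field
        raise RuntimeError("token request failed: %s" % doc["error"])
    token = doc["access_token"]
    expires_on = int(doc["expires_on"])  # assumption: epoch seconds as a string
    now = time.time() if now is None else now
    if expires_on - now < min_lifetime:
        raise RuntimeError("token expires in under %d seconds" % min_lifetime)
    return token, expires_on


def token_fingerprint(token):
    """Short SHA-256 prefix that is safe to log in place of the bearer token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def fetch_token(resource, timeout=5):
    """Query the endpoint directly, ignoring any HTTP proxy in the environment."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(build_token_request(resource), timeout=timeout) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


# Constructed sample response body (not a real token).
SAMPLE = json.dumps({"access_token": "constructed.sample.token",
                     "expires_on": "1700003600", "token_type": "Bearer",
                     "resource": "https://management.azure.com/"})

if __name__ == "__main__":
    tok, exp = parse_token_response(SAMPLE, now=1700000000)
    print("token", token_fingerprint(tok), "expires_on", exp)
```

`fetch_token` only works from inside an Azure resource with a managed identity; the parsing and request-building functions run anywhere.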