can i use azure oauth2 client credentials flow to access the classic azure service management rest api?

Question

here is the description of the azure oauth2 client credentials. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service

i can issue a request to get the access token like this:

POST /f2eae84a-d4b2-4f23-a74b-cdb32db66fd4/OAuth2/Token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=client_credentials&client_id=e7ce6e44-3df6-4183-bcde-8e360fc7b685&client_secret=xxxxxxxxxxxxxxxxxxxxxxx&resource=https%3A%2F%2Fmanagement.core.windows.net%2F

it returns a access token succussfully

but when i use that token to access the service management api like this:

GET /30dc506b-71d0-47dc-ab86-1a1c0ce4bea1/services/storageservices HTTP/1.1
Host: management.core.windows.net
Authorization: Bearer XXXXXXXXXXXXXXXXXXX
Accept: application/json
Cache-Control: no-cache

it return a 403

Answer 1

Yes, it should support. You can refer this link about this topic like below:

web/confidential clients run on a web server and can access resources under their own identity (for example, a service or daemon), or they can obtain delegated authorization to access resources under the identity of a signed-in user (for example, a web app).

And since the document about service management API seems be update to the new version API. I suggest that you use the new version of API by referring the first link. And to operate the specific resource, you need to assign the corresponding role to the service principal. For example, if you were developing with Azure API Management, you can refer this link for the relative roles.

And if you still have the problem, please feel free to let me know which specification operation you were developing.