How to get bearer token from Azure SDK DefaultCredential

Question

Problem :

I need to get a list of certificates of apps registered under Azure AD and renew the ones which are expiring.

I was able to get the apps related details through Microsoft Graph API > applications. But, the issue is the bearer token refreshes every time in 1 hr. Since I want this task to be automated, I need to create a fresh token always.

I got some reference of Azure SDK for identity-based authentication but the package function is returning a credential, not a token (bearer token) to be used inside the rest API header Authorization

Code:

from azure.identity import DefaultAzureCredential

default_credential = DefaultAzureCredential()

References:

Azure api or sdk to get list of app registrations and the certificates associated with them

Answer 1

Ok after a lot of debugging and surfing the internet, I was able to find the RestAPI way to get the bearer token.

    data = {
        "client_id":"add your client id",
        "scope": "add scope ex: User.read Directory.read.All",
        "grant_type": "password", [don't modify this one since you are providing the password]
        "username": "your username",
        "password": "your password",
        "client_secret": "client secret"
    }

    headers = {
        "Host": "login.microsoftonline.com",
        "Content-Type": "application/x-www-form-urlencoded"
    }
    data = requests.post(f'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token', data=data, headers=headers)

You will receive a json consisting of access token and related details.

Do remember to provide the permissions in the azure portal> Azure AD > app registrations > your app > API permissions (grant consent) : )