How does SqlClient gets 'scope' of Azure SQL Server when using Azure Active Directory as authentication method?
Question
As I understand that for getting selective authorization for a protected resource using Azure AD based OAuth 2.0 mechanism, client application need to mandatorily provide the scope URL for getting access token. Other parameters usually include client ID, client secret (in case of Service Principal auth flow), Azure AD username and password, etc.
SqlClient has integrated Azure AD OAuth mechanism with SqlClient for authorizing a database connection. So, I guess SqlClient also need these parameters for establishing an connection to Azure SQL server using Azure Active Directory authentication method. But I don't see that it accepts any scope from the client application. How does SqlClient gets scope for a particular Azure SQL server instance? I see that it gets something as Federated Authentication Info from server but I don't understand it completely.
1 answers
solution1
0 2022-07-26 03:34:40
The scope required for SQL Servder Authentication access tokens is https://database.windows.net/.default which stands for default scopes/permissions for https://database.windows.net/ resource.
Once an access token is obtained you pass it trough the SqlConnection.AccessToken property.
Cheers
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.