Access tokens are used in token-based authentication to allow an application to access an API. The application receives an access token after a user successfully authenticates and authorizes access, then passes the access token as a credential when it calls the target API. The passed token informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that was granted during authorization. The Microsoft identity platform uses a variety of access token formats depending on the configuration of the API that accepts the token.
In this article, I will show you how you can extract the access token used in Cloud Shell.
curl http://localhost:50342/oauth2/token --data "resource=https://management.azure.com/" -H Metadata:true -s | jq -r ".access_token"
Now you can use this access token in a bash script to call the Azure API:
#!/bin/bash subscription='put your Azure subscription ID here' apiversion='2019-03-01' authtoken=`curl http://localhost:50342/oauth2/token --data "resource=https://management.azure.com/" -H Metadata:true -s | jq -r .access_token` curl -H "Authorization: Bearer $authtoken" -X GET "https://management.azure.com/subscriptions/$subscription/resourceGroups?api-version=$apiversion" | jq