Azure/AzureAuth

myresource - unclear what that stands for

ralphke opened this issue · 3 comments

The samples provided like
token <- get_azure_token(resource="myresource", tenant="mytenant", app="app_id", ...)
are unclear to us.
Can you provide a sample of what the string myresource might look like when accessing a Data Lake Gen2 storage account?
And what does the app_id stand for?
What is needed if I want to log on just with my AAD credentials? Why do I need an app_ID at all?
Thank you so much for your help.

Hi, I answered these questions before at Azure/AzureStor#79:

The resource is https://storage.azure.com/
The app id is the ID of the app registration that you have to create in order to authenticate with AAD. Note this is the app ID, NOT the service principal ID.

You need the app ID because the authentication process uses OAuth tokens, like with any other app that interacts with AAD. You can think of this package as being the rough R equivalent to the MSAL libraries for Python, C# etc. You supply all the necessary inputs to authenticate, and it gives you the token.

More info at Microsoft Docs here and here.

You may be wondering why you need to supply a low-level implementation detail like an app ID for a simple task like logging on to storage. That's because the storage team didn't think it necessary to create a first-party app registration for this purpose, which means everyone has to bring their own.

See also the vignette which was added to AzureStor in the last update: https://cran.r-project.org/web/packages/AzureStor/vignettes/aad.html
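
The sign-in flow discussed in this thread, as an added example that is not part of the original issue or the package's own code: it requests a token for the storage resource and checks the token's `aud` and `appid` claims before handing it to AzureStor. The helper `check_storage_token`, the sample token, and every `<...>` placeholder are assumptions; the claim names assume an AAD v1.0 access token.

```r
library(AzureAuth)   # get_azure_token(), decode_jwt()

storage_resource <- "https://storage.azure.com/"   # resource given in the answer

# Hypothetical helper: confirm a token was issued for Azure Storage and
# requested through the expected app registration.
# Assumption: AAD v1.0 access token, which carries 'aud' and 'appid' claims.
check_storage_token <- function(jwt, expected_app)
{
    claims <- decode_jwt(jwt)$payload
    strip <- function(x) sub("/+$", "", x)         # ignore trailing-slash differences
    if(!identical(strip(claims$aud), strip(storage_resource)))
        stop("token audience is ", claims$aud, ", not Azure Storage")
    if(!identical(tolower(claims$appid), tolower(expected_app)))
        stop("token was issued to a different app registration")
    invisible(TRUE)
}

# Constructed sample (unsigned, not a real token) so the check runs offline.
b64 <- function(x) jose::base64url_encode(charToRaw(x))
app_id <- "00000000-0000-0000-0000-000000000000"   # constructed app ID
sample_jwt <- paste(
    b64('{"alg":"none","typ":"JWT"}'),
    b64(sprintf('{"aud":"https://storage.azure.com","appid":"%s"}', app_id)),
    "sig", sep=".")
stopifnot(check_storage_token(sample_jwt, app_id))

# Real sign-in with your own AAD credentials (opens a browser, needs network).
if(interactive())
{
    my_app <- "<your-app-registration-id>"         # placeholder: app ID, not the SP ID
    token <- get_azure_token(resource=storage_resource,
                             tenant="<your-tenant>",
                             app=my_app)
    check_storage_token(token$credentials$access_token, my_app)

    # ADLS Gen2 endpoints have the form https://<account>.dfs.core.windows.net/
    endp <- AzureStor::storage_endpoint("https://<account>.dfs.core.windows.net/",
                                        token=token)
    print(AzureStor::list_storage_containers(endp))
}
```

The claim check only inspects what the token says about itself; the storage service still validates the signature and the caller's role assignments on the account.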