1

Is there currently any way to create a service principal using python SDK in azure?

I have tried doing it with azure-graphrbac but it currently is deprecated and it fails to load DefaultAzureCredential from azure-identity. I have tried creating the wrapper and using it as well but it fails while loading session token.

CredentialsWrapper.py

from azure.identity import DefaultAzureCredential
from msrest.authentication import BasicTokenAuthentication
from azure.core.pipeline.policies import BearerTokenCredentialPolicy
from azure.core.pipeline import PipelineRequest, PipelineContext
from azure.core.pipeline.transport import HttpRequest

class CredentialWrapper(BasicTokenAuthentication):
    def __init__(self, credential=None, resource_id="https://graph.microsoft.com/.default", **kwargs):
        super(CredentialWrapper, self).__init__(None)
        if credential is None:
            credential = DefaultAzureCredential()
        self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs)

    def _make_request(self):
        return PipelineRequest(
            HttpRequest(
                "CredentialWrapper",
                "https://fakeurl"
            ),
            PipelineContext(None)
        )

    def set_token(self):
        request = self._make_request()
        self._policy.on_request(request)
        print(request.http_request.headers["Authorization"])
        token = request.http_request.headers["Authorization"]
        self.token = {"access_token": token}

    def signed_session(self, session=None):
        self.set_token()
        return super(CredentialWrapper, self).signed_session(session)
Improve this question

1 Answer 1

Reset to default
1

To create the Service Principal using DefaultAzureCredential from azure-identity, make use of below code:

import requests
from azure.identity import DefaultAzureCredential

class TokenGenerator:
    def generate_token(self):
        try:
            credential = DefaultAzureCredential()
            token = credential.get_token("https://graph.microsoft.com/.default")
            return token.token
        except Exception as ex:
            # Handle any exceptions
            print(f"An error occurred: {ex}")
            return None

generator = TokenGenerator()
access_token = generator.generate_token()

if access_token:
   
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/json"
    }

    
    payload = {
        "appId": "MicrosoftEntraApplicationAppID"
    }

    response = requests.post("https://graph.microsoft.com/v1.0/servicePrincipals", headers=headers, json=payload)

    if response.status_code == 201:
        print("Service principal created successfully.")
    else:
        print(f"Failed to create service principal. Status code: {response.status_code}")
else:
    print("Failed to obtain access token.")

enter image description here

The service principal got created successfully:

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

This does work, but don't we have an SDK to do this rather then making direct REST API calls?
AFAIK no you have to make use of REST API calls
There is no direct object/module that can help you achieve your requirement AFAIK.
Refer learn.microsoft.com/en-us/azure/developer/python/sdk/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.