How to generate a bearer access token for Azure REST access with username and password only - Feasibility test

Marcel Meurer's picture

It’s not so easy to get the bearer access token for Azure. The typical PowerShell command doesn’t return the token. However, you need it to talk directly via REST to Azure. 

The “normal” way is to register your application within Azure Active Directory to authenticate a user. For a simple test (and an unattended/silent login without preparation) I found a way similar to PowerShell’s command “Login-AzureRmAccount”. PowerShell uses an internal well-known client id to authenticate a user to Azure (1950a258-227b-4e31-a9cf-717495945fc2).

$AccountName =""
$Password = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" 


$Response=Invoke-WebRequest -Uri "" -Method POST -Body $PayLoad


The bearer token is in $ResponseJSON.access_token

Warning: This method is for testing only. Any change by Microsoft can break this procedure. I’m not sure if it’s a good idea/allowed to use this client id.

Hint: I used a service account which I added to my Azure AD. This account has designated rights in my subscription and can only see these resources. This account only exists in this directory so I’ve no problems with my account, which is a personal and also a business account.

A short test: Enumerate all subscriptions

$Headers = New-Object "System.Collections.Generic.Dictionary"
$Headers.Add("Authorization", "Bearer "+$ResponseJSON.access_token)

$ResponseSubscriptions=Invoke-WebRequest -Uri "" -Method GET -Headers $Headers


id                   : /subscriptions/31x00b3-9b23-451c-a041-xxxxxxxaead
subscriptionId       : 31xx00b3-9b23-451c-a041-xxxxxxxxxxaead
displayName          : Microsoft MVP Program
state                : Enabled
subscriptionPolicies : @{locationPlacementId=Public_2014-09-01; quotaId=MSDN_2014-09-01; spendingLimit=On} 

Multiple APIs
Hi That's a useful post, thanks! We're looking at adding the ability to document Azure to our network documentation tool, all of the different APIs and methods are baffling! Hopefully they will standardise everything to PowerShell eventually, preferably just one PowerShell API too... Thanks, Dave
Add new comment
By submitting this form, you accept the Mollom privacy policy.