You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-apps/managed-identity.md
+5-10Lines changed: 5 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -222,7 +222,7 @@ For more code examples of the Azure Identity client library for Java, see [Azure
222
222
223
223
# [PowerShell](#tab/powershell)
224
224
225
-
Use the following script to retrieve a token from the local endpoint by specifying a resource URI of an Azure service. Replace the place holder with the resource URI to obtain the token.
225
+
Use the following script to retrieve a token from the local endpoint by specifying a resource URI of an Azure service. Replace the placeholder with the resource URI to obtain the token.
A raw HTTP GET request looks like the following example.
237
237
238
-
X-IDENTITY-HEADER contains the GUID that is stored in the IDENTITY_HEADER environment variable.
238
+
Obtain the token endpoint URL from the `IDENTITY_ENDPOINT` environment variable. `x-identity-header` contains the GUID that is stored in the `IDENTITY_HEADER` environment variable.
239
239
240
240
```http
241
241
GET http://localhost:42356/msi/token?resource=https://vault.azure.net&api-version=2019-08-01 HTTP/1.1
@@ -262,13 +262,10 @@ This response is the same as the [response for the Azure AD service-to-service a
262
262
263
263
### REST endpoint reference
264
264
265
-
> [!NOTE]
266
-
> An older version of this endpoint, using the "2017-09-01" API version, used the `secret` header instead of `X-IDENTITY-HEADER` and only accepted the `clientid` property for user-assigned. It also returned the `expires_on` in a timestamp format. `MSI_ENDPOINT` can be used as an alias for `IDENTITY_ENDPOINT`, and `MSI_SECRET` can be used as an alias for `IDENTITY_HEADER`. This version of the protocol is currently required for Linux Consumption hosting plans.
267
-
268
265
A container app with a managed identity exposes the identity endpoint by defining two environment variables:
269
266
270
-
- IDENTITY_ENDPOINT - local URL from which your container app can request tokens.
271
-
- IDENTITY_HEADER - a header used to help mitigate server-side request forgery (SSRF) attacks. The value is rotated by the platform.
267
+
-`IDENTITY_ENDPOINT` - local URL from which your container app can request tokens.
268
+
-`IDENTITY_HEADER` - a header used to help mitigate server-side request forgery (SSRF) attacks. The value is rotated by the platform.
272
269
273
270
To get a token for a resource, make an HTTP GET request to the endpoint, including the following parameters:
274
271
@@ -284,8 +281,6 @@ To get a token for a resource, make an HTTP GET request to the endpoint, includi
284
281
> [!IMPORTANT]
285
282
> If you are attempting to obtain tokens for user-assigned identities, you must include one of the optional properties. Otherwise the token service will attempt to obtain a token for a system-assigned identity, which may or may not exist.
286
283
287
-
For more information on the REST endpoint, see [REST endpoint reference](#rest-endpoint-reference).
0 commit comments