get token include

EdB-MSFT · EdB-MSFT · commit 6e14d5977f4e · 2024-07-01T16:50:02.000+03:00
diff --git a/articles/azure-monitor/essentials/metrics-store-custom-rest-api.md b/articles/azure-monitor/essentials/metrics-store-custom-rest-api.md
@@ -44,30 +44,10 @@ To submit custom metrics to Azure Monitor, the entity that submits the metric ne
 
 ### Get an authorization token
 
-Once you have created your managed identity or service principal and assigned **Monitoring Metrics Publisher** permissions, you can get an authorization token by using the following request:
-
-```console
-curl -X POST 'https://login.microsoftonline.com/<tennant ID>/oauth2/token' \
--H 'Content-Type: application/x-www-form-urlencoded' \
---data-urlencode 'grant_type=client_credentials' \
---data-urlencode 'client_id=<your apps client ID>' \
---data-urlencode 'client_secret=<your apps client secret' \
---data-urlencode 'resource=https://monitoring.azure.com'
-```
-
-The response body appears in the following format:
+Once you have created your managed identity or service principal and assigned **Monitoring Metrics Publisher** permissions, you can get an authorization token by using the following methods:
+When requesting a token specify `resource: https://monitoring.azure.com`.
 
-```JSON
-{
-    "token_type": "Bearer",
-    "expires_in": "86399",
-    "ext_expires_in": "86399",
-    "expires_on": "1672826207",
-    "not_before": "1672739507",
-    "resource": "https://monitoring.azure.com",
-    "access_token": "eyJ0eXAiOiJKV1Qi....gpHWoRzeDdVQd2OE3dNsLIvUIxQ"
-}
-```
+[!INCLUDE [Get a token](../includes/get-a-token.md)]
 
 Save the access token from the response for use in the following HTTP requests.
 
diff --git a/articles/azure-monitor/includes/get-a-token.md b/articles/azure-monitor/includes/get-a-token.md
@@ -0,0 +1,158 @@
+
+---
+ms.service: azure-monitor
+ms.topic: include
+ms.date: 07/01/2024
+ms.author: edbaynash
+author: EdB-MSFT
+---
+
+You can get a token for your rest calls using any of the following 
+- CLI
+- REST API
+- SDK
+
+When requesting a token, you need to provide a `resource` parameter. The `resource` parameter is the URL of the resource you want to access. 
+
+Resources include:
+- https://management.azure.com
+- https://api.loganalytics.io
+- https://monitoring.azure.com 
+
+
+## [CLI](#tab/cli)
+
+To get a token using CLI, you can use the following command
+
+```bash
+az account get-access-token 
+```
+
+For morte information see [az account get-access-token](/cli/azure/account?view=azure-cli-latest#az-account-get-access-token)
+
+
+## [REST](#tab/rest)
+
+Use the following REST API call to get a token.
+this request uses a client ID and client secret to authenticate the request. The client ID and client secret are obtained when you register your application with Azure AD. For more information see [Register an App to request authorization tokens and work with APIs](/azure/azure-monitor/logs/api/register-app-for-token?tabs=portal)
+
+
+
+- 
+
+```console
+curl -X POST 'https://login.microsoftonline.com/<tennant ID>/oauth2/token' \
+-H 'Content-Type: application/x-www-form-urlencoded' \
+--data-urlencode 'grant_type=client_credentials' \
+--data-urlencode 'client_id=<your apps client ID>' \
+--data-urlencode 'client_secret=<your apps client secret' \
+--data-urlencode 'resource=https://monitoring.azure.com'
+```
+
+The response body appears in the following format:
+
+```JSON
+{
+    "token_type": "Bearer",
+    "expires_in": "86399",
+    "ext_expires_in": "86399",
+    "expires_on": "1672826207",
+    "not_before": "1672739507",
+    "resource": "https://monitoring.azure.com",
+    "access_token": "eyJ0eXAiOiJKV1Qi....gpHWoRzeDdVQd2OE3dNsLIvUIxQ"
+}
+```
+
+## [SDK](#tab/SDK)
+
+You can use the SDK to get a token. The following code is an example of how to get a token using the SDK.
+
+### .NET
+
+The following code shows how to get a token using the Azure.Identity library It requires a client ID and client secret to authenticate the request. 
+```csharp
+var context = new AuthenticationContext("https://login.microsoftonline.com/<tennant ID>");
+var clientCredential = new ClientCredential("<your apps client ID>", "<your apps client secret>");
+var result = context.AcquireTokenAsync("https://monitoring.azure.com", clientCredential).Result;
+```    
+
+Alternatively you can use the DefaultAzureCredential class to get a token. This uses the default Azure credentials to authenticate the request and does not require a client ID or client secret.
+
+```csharp
+var credential = new DefaultAzureCredential();
+var token = credential.GetToken(new TokenRequestContext(new[] { "https://management.azure.com/.default" }));
+```
+
+
+You can also specify your managed identity or service principal credentials as follows:
+
+```csharp
+string userAssignedClientId = "<your managed identity client ID>";
+var credential = new DefaultAzureCredential(
+    new DefaultAzureCredentialOptions
+    {
+        ManagedIdentityClientId = userAssignedClientId
+    });
+
+var token = credential.GetToken(new TokenRequestContext(new[] { "https://management.azure.com/.default" }));
+
+```
+For more information see [DefaultAzureCredential Class](/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet)
+
+
+### Node.js
+
+For information on authentication use Javascript and NodeJS,  see [How to authenticate JavaScript apps to Azure services using the Azure SDK for JavaScript](/azure/developer/javascript/sdk/authentication/overview)
+
+
+The following code shows how to get a token using the DefaultAzureCredential class. This uses the default Azure credentials to authenticate the request and does not require a client ID or client secret.
+
+```javascript
+const { DefaultAzureCredential } = require("@azure/identity");
+
+const credential = new DefaultAzureCredential();
+const accessToken = await credential.getToken("https://management.azure.com/.default");
+```
+For more information see [DefaultAzureCredential Class](/javascript/api/@azure/identity/defaultazurecredential?view=azure-node-latest)
+
+Alternatively you can use the ClientSecretCredential class to get a token. This requires a client ID and client secret to authenticate the request.
+
+```javascript
+const { ClientSecretCredential } = require("@azure/identity");
+credential = ClientSecretCredential(
+    client_id="<client_id>",
+    username="<username>",
+    password="<password>"
+   )
+const accessToken = await credential.getToken("https://management.azure.com/.default");
+```
+For more information see [ClientSecretCredential Class](/javascript/api/@azure/identity/clientsecretcredential?view=azure-node-latest)
+
+### Python
+
+The following code shows how to get a token using the DefaultAzureCredential class. This uses the default Azure credentials to authenticate the request and does not require a client ID or client secret.
+
+```python
+from azure.identity import DefaultAzureCredential
+
+credential = DefaultAzureCredential()
+token = credential.get_token('https://management.azure.com/.default')
+print(token.token)
+```
+For more information see [DefaultAzureCredential Class](/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python)
+
+Alternatively you can use the ClientSecretCredential class to get a token. This requires a client ID and client secret to authenticate the request.
+
+```python
+from azure.identity import ClientSecretCredential
+
+credential = ClientSecretCredential (
+     tenant_id="<tenant id>",
+     client_id="<Client id>",
+     client_secret="client secret"
+    )
+token =  credential2.get_token("https://management.azure.com/.default")
+print(token.token)
+```
+
+ for more information see [ClientSecretCredential Class](/python/api/azure-identity/azure.identity.clientsecretcredential?view=azure-python)
