Get Azure Managed Identity tokens with cURL

Goal: Retrieve an access token using Azure Managed Identity from within a VM.

Get a token

SSH (or RDP) into a VM with Managed Identity enabled and request a token:

curl "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F" -H Metadata:true -s

The resource parameter specifies the App ID URI of the target resource. It becomes the aud (audience) claim in the token.

Target different resources

For Azure Storage:

curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F' -H Metadata:true
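
The script below is an added example, not part of the original page: it decodes the payload of a returned token and confirms that its aud claim equals the resource that was requested, so a token scoped to the wrong service is caught before it is used. The function names and the sample token are constructed for illustration; json_string is a simple sed extraction that assumes flat string fields, and base64 -d assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example: confirm that the aud claim of a managed identity token matches
# the requested resource. Claims are decoded only; the signature is not verified.

IMDS_URL='http://169.254.169.254/metadata/identity/oauth2/token'

# Print the string value of a JSON key read from stdin (hypothetical helper;
# sed-based, sufficient for the flat string fields used here).
json_string() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Decode the payload (second dot-separated segment) of a JWT to JSON.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops padding; restore it to a multiple of 4 characters.
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Succeed only if the token's aud claim equals the expected resource.
check_audience() {
  local aud
  aud=$(jwt_payload "$1" | json_string aud)
  [ "$aud" = "$2" ]
}

# Request a token from IMDS for a resource and verify its audience.
# Only works on an Azure VM with Managed Identity enabled.
get_checked_token() {
  local resource=$1 token
  token=$(curl -s -G "$IMDS_URL" -H Metadata:true \
            --data-urlencode 'api-version=2018-02-01' \
            --data-urlencode "resource=$resource" | json_string access_token)
  check_audience "$token" "$resource" || { echo "aud mismatch for $resource" >&2; return 1; }
  printf '%s\n' "$token"
}

# Constructed sample token (unsigned, not issued by Azure) for an offline run.
SAMPLE_PAYLOAD=$(printf '%s' '{"aud":"https://storage.azure.com/","iss":"constructed"}' \
                 | base64 | tr -d '=\n' | tr '/+' '_-')
SAMPLE_TOKEN="eyJhbGciOiJub25lIn0.${SAMPLE_PAYLOAD}.sig"

check_audience "$SAMPLE_TOKEN" 'https://storage.azure.com/' && echo "aud ok"
```

On a VM with Managed Identity enabled, get_checked_token 'https://storage.azure.com/' prints the token only when its audience matches the request.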

Official documentation