What is the recommended scope to fetch AAD token for ACR refresh token exchange?

PS 150 Reputation points
2024-06-21T14:23:39.8333333+00:00

We need to exchange the AAD token for an ACR refresh token. The code snippet we are currently using fetches the AAD access token with the scope https://management.azure.com/.default. Can someone please confirm if this is the recommended scope for our use case? Below is the snippet we are using:

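import (
	"context"
	"fmt"
	"log"
	"net/http"
	"net/url"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)

// Authenticate as the managed identity assigned to the workload.
cred, err := azidentity.NewManagedIdentityCredential(nil)
if err != nil {
	log.Fatal(err)
}

ctx := context.Background()
aadToken, err := cred.GetToken(ctx, policy.TokenRequestOptions{
	Scopes: []string{"https://management.azure.com/.default"}})
if err != nil {
	log.Fatal(err)
}

tenantId := "xxx"
acrService := "xxx.azurecr.io"

formData := url.Values{
	"grant_type":   {"access_token"},
	"service":      {acrService},
	"tenant":       {tenantId},
	"access_token": {aadToken.Token},
}

// Post the AAD token to the registry's exchange endpoint.
jsonResponse, err := http.PostForm(fmt.Sprintf("https://%s/oauth2/exchange", acrService), formData)
if err != nil {
	log.Fatal(err)
}
defer jsonResponse.Body.Close()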
Azure Container Apps
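An added example, not part of the original question or of the Azure SDK: before posting the token to `/oauth2/exchange`, decoding its `aud` claim shows which resource the requested scope actually produced. `tokenAudience`, `audienceMatchesScope` and `fakeToken` are hypothetical helpers, the sample token is constructed and unsigned, and the code assumes the token is a JWT whose `aud` claim is a single string.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// tokenAudience returns the "aud" claim of a JWT access token.
// The signature is not verified: this is for inspecting a token you
// just obtained, not for making trust decisions.
func tokenAudience(jwt string) (string, error) {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return "", errors.New("not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return "", fmt.Errorf("decode payload: %w", err)
	}
	var claims struct {
		Aud string `json:"aud"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "", fmt.Errorf("parse claims: %w", err)
	}
	return claims.Aud, nil
}

// audienceMatchesScope reports whether aud is the resource named by a
// "<resource>/.default" scope, ignoring a trailing slash on either side.
func audienceMatchesScope(aud, scope string) bool {
	resource := strings.TrimSuffix(scope, "/.default")
	return strings.TrimRight(aud, "/") == strings.TrimRight(resource, "/")
}

// fakeToken builds an unsigned, constructed sample token for the demo.
func fakeToken(aud string) string {
	enc := base64.RawURLEncoding.EncodeToString
	claims, _ := json.Marshal(map[string]string{"aud": aud, "tid": "xxx"})
	return enc([]byte(`{"alg":"none"}`)) + "." + enc(claims) + "." + enc([]byte("sig"))
}

func main() {
	scope := "https://management.azure.com/.default"
	aud, err := tokenAudience(fakeToken("https://management.azure.com"))
	fmt.Println(aud, err, audienceMatchesScope(aud, scope))
}
```

In the snippet above, the same check would be applied to `aadToken.Token` right after `GetToken` returns.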