I am building a Salesforce Marketing Cloud custom activity (a JavaScript/Express application) hosted on Azure App Service. I've enabled the system to assign a managed identity to it. Now I want to communicate with Azure Function App APIs which are protected via Azure Active Directory authentication.
I can directly use the client-id and client-secret of the App-registration that's been used for function app authentication to get an access token and call the API, but I don't want to store any secrets/credentials, to avoid the secrets-rotation cycle. Is there any way I can use a managed identity (system-assigned/user-assigned) in order to get an access token and have the request authenticated?
While running locally: I've added Azure-CLI clientID inside authorized client applications, and then I'm able to get a token, but not while running from the app service.

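```javascript
import { DefaultAzureCredential } from "@azure/identity";

// Tries the managed identity when hosted on App Service and the Azure CLI login on a developer machine
const credential = new DefaultAzureCredential();
const token = await credential.getToken(
  "api://0axxxxxxxxxxxxxxxxxxx/.default"
);
console.log("token ->> ", token.token);
```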
I am not able to add the managed identity clientId inside Authorized client applications; I'm only able to enter an app registration's clientID. I've also tried to create new app roles and assign an owner to it, but I am not able to assign it to the managed identity.
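
A diagnostic for the token returned by `getToken`, as an added example that is not part of the original post: it decodes the claims (without verifying the signature) and reports whether the audience, expiry and app role match what the protected API expects. The helper names, the role name `Api.Invoke`, the caller ID and the sample tokens are constructed for illustration.

```javascript
// Decode the payload segment of a compact JWT. Diagnostic only: the signature
// is NOT verified here; that stays with the Function App's authentication layer.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// List the reasons an API expecting one of `audiences` and the app role
// `requiredRole` would reject this token.
function checkToken(jwt, { audiences, requiredRole, now = Date.now() / 1000 }) {
  const c = decodeClaims(jwt);
  const problems = [];
  if (!audiences.includes(c.aud)) problems.push(`aud "${c.aud}" not accepted`);
  if (typeof c.exp !== "number" || c.exp <= now) problems.push("token expired");
  // App-only tokens (managed identity, client credentials) carry app roles in `roles`.
  const roles = Array.isArray(c.roles) ? c.roles : [];
  if (requiredRole && !roles.includes(requiredRole)) {
    problems.push(`missing app role "${requiredRole}"`);
  }
  // v1 tokens name the calling application in `appid`, v2 tokens in `azp`.
  return { caller: c.appid || c.azp || null, roles, problems };
}

// Build an unsigned sample token (constructed data, not a real Azure AD token).
function makeSampleToken(claims) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}

const expected = {
  audiences: ["api://0axxxxxxxxxxxxxxxxxxx"], // App ID URI as masked in the question
  requiredRole: "Api.Invoke",                 // hypothetical app role name
  now: 1000,                                  // fixed clock for the sample
};
const withRole = makeSampleToken({
  aud: "api://0axxxxxxxxxxxxxxxxxxx", exp: 2000,
  appid: "managed-identity-client-id", roles: ["Api.Invoke"],
});
const withoutRole = makeSampleToken({
  aud: "api://0axxxxxxxxxxxxxxxxxxx", exp: 2000,
  appid: "managed-identity-client-id",
});
console.log(checkToken(withRole, expected));
console.log(checkToken(withoutRole, expected));
```

Run it against `token.token` from the App Service instance and from the local Azure CLI login to compare which caller, audience and roles each environment produces.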