Generate Microsoft Entra ID access token
Learn how to generate Microsoft Entra ID access token
Ensure you have configured token permissions for Entra ID SP.
# Replace values in <>. Token expires in ~1 hour.
curl -X POST "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token" \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=<application-id>' \
-d 'client_secret=<client-secret>' \
-d 'grant_type=client_credentials' \
-d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default'
Replace:
<tenant-id> with the Directory (tenant) ID from Create the app registration in Microsoft Entra ID.
<application-id> with the Application (client) ID from Create the app registration in Microsoft Entra ID.
<client-secret> with the client secret Value from Create the app registration in Microsoft Entra ID.
The 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d/.default scope identifies Azure Databricks and is not workspace-specific. Do not change it. Refer to Microsoft Learn.
Token lifetime: Entra tokens are short-lived (~1 hour). Use immediately to create the PAT, or automate with CLI/SDK tools. Refer to Microsoft Learn.
Now continue to Create PAT for Entra ID SP via API.