Authenticating a service so it can request data from another service behind Azure Easy Auth

Question

Hello.

I want to authenticate a service so it can call another service using easy auth WITHOUT any user input, while still using Easy Auth on the service that is being called.

I have 2 services 1 which is basicly a frontend with a controller. Let's call this one "Service A" This service is also locked down by using aures built in authentication, and then using Microsoft as an identity provider.

The other service, let's call it "Service B". "Service B" is just a simple background service disgused as a web API. We've got some middleware to make sure only calls with the proper subscriptionkey can call it though.

Is there anyway for "Service B" to get authenticated and call "Service A" WITHOUT any user input?

I've used Chatgpt to help me, and it has set up an JWT token that I then get an access token to. The only problem this ONLY works if I disable our Microsoft authentication which is a no go.

This has been done by exposing an API and then adding the API permission to the App Registration belonging to "Service B"

Answer 1

for service A to call service B without a user token requires the service a to have it own access token. this is pretty easy, on the service B site under api permission, you define a client secret. then service A can get an access token using the clientid and secret.

https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api?tabs=rest

you should use azure key vault to store the secret.