# NOT RUN {
# Open the vault by name and create a certificate, passing only its name.
vault <- key_vault("mykeyvault")
cert <- vault$certificates$create("mynewcert")
# Read the `cer` field of the returned certificate object.
cert$cer
# Write the certificate to a local PEM file.
# NOTE(review): confirm whether the exported file also contains the private
# key. If it does, restrict its file permissions and keep it out of source
# control and shared directories. The JWT signing further down calls
# cert$sign() and does not read this file.
cert$export("mynewcert.pem")
# new version of an existing certificate
# create() is called again with the same name, this time with a 24-month validity.
vault$certificates$create("mynewcert", x509=cert_x509_properties(validity_months=24))
# Fetch the certificate by name, list its versions and select the second listed one.
cert <- vault$certificates$get("mynewcert")
vers <- cert$list_versions()
# NOTE(review): the ordering of list_versions() is not shown here; confirm
# which version vers[2] refers to before relying on it.
cert$set_version(vers[2])
# updating an existing cert version
# Sets a 12-month validity; presumably this applies to the version selected
# by set_version() above (confirm).
cert$set_policy(x509=cert_x509_properties(validity_months=12))
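## signing a JSON web token (JWT) for authenticating with Azure Active Directory
# The JWT names the app as both issuer and subject and is later passed to
# AzureAuth as the `certificate` credential.
app <- "app_id"
tenant <- "tenant_id"
# Build the audience from `tenant` so it stays correct when the placeholder is
# replaced with a real tenant ID (the original hard-coded "tenant_id" here).
token_endpoint <- paste0(
  "https://login.microsoftonline.com/", tenant, "/oauth2/token"
)
# Take a single timestamp so nbf and exp describe one validity window.
now <- as.numeric(Sys.time())
# NOTE(review): Microsoft's documented client-assertion claims also list a
# unique `jti`; confirm whether it should be set here.
claim <- jose::jwt_claim(
  iss = app,
  sub = app,
  aud = token_endpoint,
  # one hour; anyone holding the signed assertion can present it until then,
  # so keep the lifetime as short as the workflow allows
  exp = now + 60 * 60,
  nbf = now
)
# header includes cert thumbprint (x5t) alongside the signing algorithm
header <- list(alg = "RS256", typ = "JWT", x5t = cert$x5t)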
# Serialise `x` to JSON (length-one vectors written as scalars) and return the
# base64url encoding of that JSON text, i.e. one segment of a JWT.
token_encode <- function(x) {
  json_text <- jsonlite::toJSON(x, auto_unbox = TRUE)
  jose::base64url_encode(json_text)
}
# The signing input is "<header>.<claim>", each part base64url-encoded JSON.
token_contents <- paste0(token_encode(header), ".", token_encode(claim))
# get the signature and concatenate it with header and claim to form JWT
# The SHA-256 digest of the signing input is handed to cert$sign(), so signing
# goes through the certificate object rather than a local key file.
# NOTE(review): presumably the signing happens inside Key Vault and the
# private key stays there; confirm against the package documentation.
sig <- cert$sign(
  openssl::sha256(charToRaw(token_contents))
)
cert_creds <- paste0(token_contents, ".", sig)
# cert_creds is a signed assertion that is valid until its exp time; avoid
# printing or logging it.
# NOTE(review): AzureAuth may cache the acquired token on disk (see its
# use_cache argument); confirm this is acceptable on shared machines.
AzureAuth::get_azure_token(
  resource = "resource_url",
  tenant = tenant,
  app = app,
  certificate = cert_creds
)
# }