Microsoft Azure · Capability

Microsoft Azure InstanceMetadataClient — Get Token

Microsoft Azure InstanceMetadataClient — Get Token. 1 operations. Lead operation: Microsoft Azure Get Identity Oauth2 Token. Self-contained Naftiko capability covering one Microsoft Azure business surface.

Run with Naftiko Microsoft AzureGet Token

What You Can Do

GET
Microsoftazureidentitygettoken — Microsoft Azure Get Identity Oauth2 Token
/v1/identity/oauth2/token

MCP Tools

microsoft-azure-get-identity-oauth2

Microsoft Azure Get Identity Oauth2 Token

read-only idempotent

Capability Spec

instancemetadataclient-get-token.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Microsoft Azure InstanceMetadataClient — Get Token
  description: 'Microsoft Azure InstanceMetadataClient — Get Token. 1 operations. Lead operation: Microsoft Azure Get Identity
    Oauth2 Token. Self-contained Naftiko capability covering one Microsoft Azure business surface.'
  tags:
  - Microsoft Azure
  - Get Token
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_AZURE_API_KEY: MICROSOFT_AZURE_API_KEY
capability:
  consumes:
  - type: http
    namespace: instancemetadataclient-get-token
    baseUri: http://169.254.169.254/metadata
    description: Microsoft Azure InstanceMetadataClient — Get Token business capability. Self-contained, no shared references.
    resources:
    - name: identity-oauth2-token
      path: /identity/oauth2/token
      operations:
      - name: microsoftazureidentitygettoken
        method: GET
        description: Microsoft Azure Get Identity Oauth2 Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: resource
          in: query
          type: string
          description: This is the urlencoded identifier URI of the sink resource for the requested Azure AD token. The resulting
            token contains the corresponding aud for this resourc
          required: true
        - name: client_id
          in: query
          type: string
          description: This identifies, by Azure AD client id, a specific explicit identity to use when authenticating to
            Azure AD. Mutually exclusive with object_id and msi_res_id.
        - name: object_id
          in: query
          type: string
          description: This identifies, by Azure AD object id, a specific explicit identity to use when authenticating to
            Azure AD. Mutually exclusive with client_id and msi_res_id.
        - name: msi_res_id
          in: query
          type: string
          description: This identifies, by urlencoded ARM resource id, a specific explicit identity to use when authenticating
            to Azure AD. Mutually exclusive with client_id and objec
        - name: authority
          in: query
          type: string
          description: This indicates the authority to request AAD tokens from. Defaults to the known authority of the identity
            to be used.
        - name: bypass_cache
          in: query
          type: string
          description: If provided, the value must be 'true'. This indicates to the server that the token must be retrieved
            from Azure AD and cannot be retrieved from an internal cach
  exposes:
  - type: rest
    namespace: instancemetadataclient-get-token-rest
    port: 8080
    description: REST adapter for Microsoft Azure InstanceMetadataClient — Get Token. One Spectral-compliant resource per
      consumed operation, prefixed with /v1.
    resources:
    - path: /v1/identity/oauth2/token
      name: identity-oauth2-token
      description: REST surface for identity-oauth2-token.
      operations:
      - method: GET
        name: microsoftazureidentitygettoken
        description: Microsoft Azure Get Identity Oauth2 Token
        call: instancemetadataclient-get-token.microsoftazureidentitygettoken
        with:
          resource: rest.resource
          client_id: rest.client_id
          object_id: rest.object_id
          msi_res_id: rest.msi_res_id
          authority: rest.authority
          bypass_cache: rest.bypass_cache
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: instancemetadataclient-get-token-mcp
    port: 9090
    transport: http
    description: MCP adapter for Microsoft Azure InstanceMetadataClient — Get Token. One tool per consumed operation, routed
      inline through this capability's consumes block.
    tools:
    - name: microsoft-azure-get-identity-oauth2
      description: Microsoft Azure Get Identity Oauth2 Token
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: instancemetadataclient-get-token.microsoftazureidentitygettoken
      with:
        resource: tools.resource
        client_id: tools.client_id
        object_id: tools.object_id
        msi_res_id: tools.msi_res_id
        authority: tools.authority
        bypass_cache: tools.bypass_cache
      outputParameters:
      - type: object
        mapping: $.