marhs08

Reputation: 67

Azure Active Directory Authorization: "The access token is from the wrong issuer"

I'm trying to implement this but I'm getting an error:

    {
      "error": {
        "code": "InvalidAuthenticationTokenTenant",
        "message": "The access token is from the wrong issuer 'https://sts.windows.net/id/'. It must match the tenant 'https://sts.windows.net/id/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/id' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
      }
    }

Any help is really appreciated. Thanks!!!

Update: Here's the code:

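    using System;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

    public static string GetAccessToken()
    {
        // Authority: the Azure AD tenant that issues the token
        var authenticationContext = new AuthenticationContext("https://login.windows.net/tenant-id");
        // Application credentials (client-credentials flow)
        var credential = new ClientCredential(clientId: "client-id", clientSecret: "key");
        // Request a token for the Azure Service Management resource
        var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);

        if (result == null)
        {
            throw new InvalidOperationException("Failed to obtain the JWT token");
        }

        string token = result.AccessToken;

        return token;
    }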

Also, is there an API for the pricing calculator? Thanks

Upvotes: 3

Views: 13710

Answers (1)

Derek

Reputation: 837

The reason for this is: we authenticated against the common tenant, but now we're trying to access data from a subscription which belongs to a separate tenant - and we don't have an AccessToken for this new tenant.

What we have to do in this case is acquire a new AccessToken (a JWT) for the same user and client ID, but authorising against the tenant for the subscription we selected.

I.e. we have an AccessToken, but it's a common tenant AccessToken, and therefore is limited in what is authorised: to work with resources that are specific to a particular subscription, we now need an AccessToken for that specific subscription and tenant.

To do this, we just need to use the TenantId of the subscription the User selected instead of using a Tenant of "common".

See step 3 at http://www.bizbert.com/bizbert/2015/11/16/Listing+Subscriptions+And+Logic+Apps+From+NET.aspx for details.

Upvotes: 0
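A pre-flight check for the tenant mismatch described in the answer above, as an added example that is not part of the original question or answer: it decodes the access token's payload and compares its `tid` claim with the tenant the subscription belongs to. The class and method names and the GUIDs are illustrative assumptions, the token is constructed, and the signature is deliberately not verified because this is only a diagnostic.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class TokenTenantCheck
{
    // Decode a base64url JWT segment ('-' and '_' alphabet, padding stripped).
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length");
        }
        return Convert.FromBase64String(s);
    }

    // Returns null when the token's tenant matches, otherwise a description of the mismatch.
    // Diagnostic only: the signature is NOT verified here; the receiving API does that.
    public static string DescribeMismatch(string accessToken, string expectedTenantId)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) return "not a three-part JWT";
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        using JsonDocument doc = JsonDocument.Parse(json);
        JsonElement claims = doc.RootElement;
        string tid = claims.TryGetProperty("tid", out var t) ? t.GetString() : null;
        string iss = claims.TryGetProperty("iss", out var i) ? i.GetString() : null;
        if (string.Equals(tid, expectedTenantId, StringComparison.OrdinalIgnoreCase)) return null;
        return $"token tenant '{tid}' (issuer '{iss}') != subscription tenant '{expectedTenantId}'";
    }

    public static void Main()
    {
        // Constructed sample token: unsigned, placeholder GUIDs, not a real credential.
        string Seg(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string tokenTenant = "11111111-1111-1111-1111-111111111111";
        string subscriptionTenant = "22222222-2222-2222-2222-222222222222";
        string token = Seg("{\"alg\":\"none\"}") + "."
            + Seg("{\"iss\":\"https://sts.windows.net/" + tokenTenant + "/\",\"tid\":\"" + tokenTenant + "\"}")
            + ".sig";
        Console.WriteLine(DescribeMismatch(token, subscriptionTenant) ?? "tenant matches");
        Console.WriteLine(DescribeMismatch(token, tokenTenant) ?? "tenant matches");
    }
}
```

Run against the token returned by `GetAccessToken()`, a non-null result means the authority used to acquire the token was not the subscription's tenant.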
