manuquentin

Reputation: 933

Authorize Azure AD application to access RateCard API

Since a change in Azure OAuth 2, I get an error:

The client 'xxx' with object id 'xxx' does not have authorization to perform action 'Microsoft.Commerce/RateCard/read' over scope '/subscriptions/xxx'.

I've followed the role-based assignment instructions, added a Reader role for my application to the DefaultResourceGroupResource.

I've also added an Admin role in the appRoles section of my application manifest.

And added all possible app permissions:

To call the RateCard API, I retrieve a token:

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" "https://login.windows.net/xxx.onmicrosoft.com/oauth2/token" -d "grant_type=client_credentials&client_id=xxx&client_secret=xxx"

And I use it in my request:

curl -H "Authorization: Bearer <token>" "https://management.azure.com/subscriptions/xxx/providers/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&\$filter=OfferDurableId eq 'MS-AZR-0003P' and Currency eq 'USD' and Locale eq 'en-US' and RegionInfo eq 'US'"

But I still have this error.

What should I do to add this authorization to my application?

Here are some screenshots of my app permissions:

Upvotes: 2

Views: 942

Answers (2)

manuquentin

Reputation: 933

After a brief call with Azure support, they told me that this kind of permission can't be handled via the portal; it has to be done in PowerShell.

So I had to download a Windows 10 Virtual Machine to run:

Login to Azure account:

Login-AzureRmAccount

Add permission:

New-AzureRMRoleAssignment -ServicePrincipalName "<my-app-id>" -RoleDefinitionName "Reader" -Scope "/subscriptions/<my-subscription-id>"

To check if permissions are assigned correctly:

Get-AzureRmRoleAssignment -ServicePrincipalName "<my-app-id>"

Upvotes: 4

Gaurav Mantri

Reputation: 136196

> I've followed the role-based assignment instructions, added a Reader role for my application to the DefaultResourceGroupResource.

Instead of giving Reader role permission on an individual resource group, try giving the same permission on the subscription level.

Another thing you could do is create a custom role in your subscription with the following permissions:

Microsoft.Commerce/RateCard/read 
Microsoft.Commerce/UsageAggregates/read

Then you can assign this custom role to your application.

Upvotes: 1
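
The custom-role route from the answer above, sketched with the same AzureRM cmdlets used in the accepted answer. This is an added example, not code from either answerer: the role name, description and temp file name are assumptions, and `<my-subscription-id>` and `<my-app-id>` are placeholders. Unlike the built-in Reader role (`*/read` on everything in scope), this role grants the application only the two billing read actions.

```powershell
# Added example. Role name, description and file name are hypothetical;
# replace <my-subscription-id> and <my-app-id> before running.
$subscriptionScope = "/subscriptions/<my-subscription-id>"
$roleName          = "RateCard Usage Reader"   # hypothetical role name

# Custom role limited to the two read actions named in the answer.
# AssignableScopes is the subscription, because the failing request was
# evaluated over scope '/subscriptions/xxx', not over a resource group.
$roleDefinition = @{
    Name             = $roleName
    Description      = "Read-only access to RateCard and UsageAggregates."
    Actions          = @(
        "Microsoft.Commerce/RateCard/read",
        "Microsoft.Commerce/UsageAggregates/read"
    )
    NotActions       = @()
    AssignableScopes = @($subscriptionScope)
}

# New-AzureRmRoleDefinition reads the definition from a JSON file.
$roleFile = Join-Path $env:TEMP "ratecard-usage-reader.json"
$roleDefinition | ConvertTo-Json -Depth 3 | Set-Content -Path $roleFile

Login-AzureRmAccount

# Create the role only if it is not already defined.
if (-not (Get-AzureRmRoleDefinition -Name $roleName)) {
    New-AzureRmRoleDefinition -InputFile $roleFile
}

# Assign the custom role to the application's service principal
# at subscription scope.
New-AzureRmRoleAssignment -ServicePrincipalName "<my-app-id>" `
    -RoleDefinitionName $roleName -Scope $subscriptionScope

# Review what the service principal holds at that scope. A leftover
# Reader assignment would still grant */read and can be removed
# once the custom role is confirmed to work.
Get-AzureRmRoleAssignment -ServicePrincipalName "<my-app-id>" |
    Where-Object { $_.Scope -eq $subscriptionScope } |
    Select-Object RoleDefinitionName, Scope
```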
