Reputation: 511
AADSTS65005: Invalid resource. (Azure Time Series Insights API)
I'm trying to obtain an authorization code and token to access a time series environment.
I created an application in Azure Active Directory and gave it access to the time series environment by following the instructions in this link. After that I got my client_id (Application Id) , client_secret (Application Key) and my tenant id.
Then I tried to follow the instructions in this link and I'm trying to obtain the authentication code for the resource "https://api.timeseries.azure.com/" in my browser. The address that I insert in my browser is something like this:
https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id={client_id}&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2F&response_mode=query&resource=https%3A%2F%2Fapi.timeseries.azure.com%2F&state=12345
I tripled checked the values and it seems to me that everything is correct, but I keep getting the following error in my browser:
AADSTS65005: Invalid resource. The client has requested access to a resource
which is not listed in the requested permissions in the client's application
registration. Client app ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Resource
value from request: https://api.timeseries.azure.com/. Resource app ID:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. List of valid resources from app
registration: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
Thanks for any help.
Upvotes: 1
Views: 2386
Answers (1)
Reputation: 511
Finally discovered what was the problem. I'm kind of a noob with microsoft azure but finally understood.
The problem was that the parameter resource had the value "https://api.timeseries.azure.com/" when it should have the application id of the registered App (Service Principal) of the resource that I'm trying to access.
I also needed to create another registered App to be the client and added the registered App of my resource in the Required permissions. I missed this step because when trying to add API's to the required permissions it didn't showed the registered App name of my resource unless I used the filtering with the initial characters of the name as you can see in https://blog.hompus.nl/2017/03/25/missing-azure-apis-when-adding-permissions-to-an-azure-ad-app/ .
In this case the client_id parameter should have Application ID of the registered App of the client.
After that I inserted the address with the correct values in my browser, confirmed the access and the browser returned the auth code.
Upvotes: 2
Related Questions
- Application Insights "Error retrieving data"
- Azure Time Series: json attribute present in raw data but cannot be graphed
- Access Time Series Insights Gen2 from Azure App Service
- API 'metadata' is not supported for environment while posting to Azure Time Series Insight
- how to access to Azure time series insights through API without any application registered?
- Azure Time series Insight preview API fail with Environment with id is not found
- Azure ML Error: TimeSeriesImputer object has no attribute '_known_df'
- Embed Azure Time Series Insights using JavaScript library
- Check Name Availability of Azure Data Factory (ADF), Time Series Insights (TSI) and Stream Analytics Job resources
- how to authenticate to Azure time series insights query API?