Reputation: 140
I have created a provisioning mechanism not unlike this here: group provisioning mechanism
I have successfully implemented the whole workflow on my developer tenant. Now, in our production environment, I always receive this error:
[Error] Invoke-RestMethod: {
    "error": "unauthorized_client",
    "error_description": "AADSTS70001: Application 'ffffffff-...' is disabled.\r\nTrace ID: ffffffff-180f-4bc4-8087-867633c83e00\r\nCorrelation ID: ffffffff-2e5d-481d-adee-f068dbebaab1\r\nTimestamp: 2018-10-29 09:06:59Z",
    "error_codes": [70001],
    "timestamp": "2018-10-29 09:06:59Z",
    "trace_id": "ffffffff-180f-4bc4-8087-867633c83e00",
    "correlation_id": "ffffffff-2e5d-481d-adee-f068dbebaab1"
}
This is my code that should do the authentication:
function Initialize-Authorization {
    param
    (
        [string]
        $ResourceURL = 'https://graph.microsoft.com',
        [string]
        [Parameter(Mandatory)]
        $TenantID,
        [string]
        [Parameter(Mandatory)]
        $ClientKey,
        [string]
        [Parameter(Mandatory)]
        $AppID
    )
    # Azure AD v1 token endpoint for the tenant
    $Authority = "https://login.microsoftonline.com/$TenantID/oauth2/token"
    Write-Output "auth: $Authority"
    [Reflection.Assembly]::LoadWithPartialName("System.Web") | Out-Null
    # URL-encode the secret so special characters survive the form body
    $EncodedKey = [System.Web.HttpUtility]::UrlEncode($ClientKey)
    $body = "grant_type=client_credentials&client_id=$AppID&client_secret=$EncodedKey&resource=$ResourceURL"
    # Note: this echoes the client secret to the console
    Write-Output "body: $body"
    # Request a token from the Graph API (client credentials flow).
    # The backtick must be the last character on each continued line.
    $result = Invoke-RestMethod -Method Post `
        -Uri $Authority `
        -ContentType 'application/x-www-form-urlencoded' `
        -Body $body
    $script:APIHeader = @{'Authorization' = "Bearer $($result.access_token)" }
}
I already tried generating new keys but I'm stuck. How can the app registration be disabled?
Can someone guide me in the right direction with this?
Upvotes: 2
Views: 4035
Reputation: 14376
It appears the ServicePrincipal object for your app, in your production tenant, has been disabled. The ServicePrincipal object is represented under "Enterprise apps" in the Azure portal.
In the production tenant, navigate to the Azure portal > Azure AD > Enterprise applications. Search for your app (if it doesn't show up initially, make sure you've selected "All Applications", under "Application Type"). Choose the app, and in the new blade, choose "Properties", on the left.
If "Enabled for users to sign in?" is set to "No", then the app is disabled in that tenant. Setting it to "Yes" will enable it.
Apps don't generally get disabled automatically, so it will probably be a good idea for you to understand why this was disabled, and ensure everyone is clear on what the requirements are.
Upvotes: 8
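As an added example (not the asker's or the answerer's code), the same client-credentials token request written so that a disabled service principal is reported by its AADSTS error code instead of a raw JSON dump, plus a scripted version of the "Enabled for users to sign in?" check from the answer. It assumes the endpoints and parameters from the question, that the failing response body arrives in `$_.ErrorDetails.Message` as Invoke-RestMethod provides it, and that the AzureAD module is installed and a `Connect-AzureAD` session is open for the check.

```powershell
function Get-GraphClientCredentialToken {
    param(
        [Parameter(Mandatory)][string]$TenantID,
        [Parameter(Mandatory)][string]$AppID,
        [Parameter(Mandatory)][string]$ClientKey,
        [string]$ResourceURL = 'https://graph.microsoft.com'
    )
    $Authority = "https://login.microsoftonline.com/$TenantID/oauth2/token"
    # A hashtable body is form-encoded by Invoke-RestMethod, so no manual
    # UrlEncode is needed, and the secret is never written to the console.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $AppID
        client_secret = $ClientKey
        resource      = $ResourceURL
    }
    try {
        $result = Invoke-RestMethod -Method Post -Uri $Authority `
            -ContentType 'application/x-www-form-urlencoded' -Body $body
        return @{ 'Authorization' = "Bearer $($result.access_token)" }
    }
    catch {
        # Azure AD returns a JSON body like the one in the question; parse it
        # and surface the error code rather than the request body.
        $detail = $null
        if ($_.ErrorDetails -and $_.ErrorDetails.Message) {
            $detail = $_.ErrorDetails.Message | ConvertFrom-Json -ErrorAction SilentlyContinue
        }
        if ($detail -and $detail.error_codes -contains 70001) {
            throw "AADSTS70001: the service principal for app $AppID is disabled in tenant $TenantID " +
                  "(Enterprise applications > app > Properties > 'Enabled for users to sign in?')."
        }
        throw
    }
}

# Scripted form of the answer's portal check. Returns $true/$false, or $null when
# the tenant has no service principal (Enterprise app) for this app ID at all.
function Test-ServicePrincipalEnabled {
    param([Parameter(Mandatory)][string]$AppID)
    $sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppID'"
    if (-not $sp) { return $null }
    # AccountEnabled is exposed as the string "True"/"False" by the AzureAD module
    return ("$($sp.AccountEnabled)" -eq 'True')
}
```

Run `Test-ServicePrincipalEnabled -AppID <app id>` against the production tenant before generating new keys; if it returns `$false`, rotating the secret will not change the AADSTS70001 result.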