prakashrajansakthivel

Reputation: 2042

Unable to get access token. 'AADSTS500011: The resource principal named 'xxx' was not found in the tenant -tenantid

I am trying to get an access token for the Azure Function app. I have enabled managed identity for the Function app (system assigned), but while fetching the token using the Azure.Identity NuGet package

using Azure.Core;
using Azure.Identity;

// In the deployed Function this resolves to the system-assigned managed identity.
var tokenCredential = new DefaultAzureCredential();
// Scope = App ID URI of the resource + "/.default"; a URI registered with a trailing slash gives "//.default".
var accessToken = await tokenCredential.GetTokenAsync(
    new TokenRequestContext(scopes: new string[] { "https://xxx.azure-api.net/" + "/.default" }));

I am getting the below error.

The resource principal named 'app-name.azure-api.net' was not found in the tenant "tenant-name"

but when I run the az CLI to check the subscription details, the subscription is indeed part of that tenant.

Upvotes: 5

Views: 28987

Answers (3)

Aileron79

Reputation: 937

Unfortunately, the error message is not really helpful. But adding a scope to the app registration solved the problem for me:

  • In Azure Portal navigate to App Registrations
  • Find your app, in the left side menu select Manage => Expose an API
  • Add a scope. I named mine api_access as this was where this error occurred.

In my case I then got an API URI (like api://client-id/scope_name) which I used in my Angular app. The error message was gone.

Also, make sure that in the Enterprise Application you have created, under Manage => Properties, "Assignment required" and "Visible to users" are turned on.

Upvotes: 3

prakashrajansakthivel

Reputation: 2042

Here is what I have finally done.

  1. I have registered an app in AD and exposed the API of that app.
  2. I have assigned a system-assigned managed identity to the Function.
  3. Locally I am not able to request a token because the Azure CLI has not been given consent.
  4. After deploying the application to the Function, my Function app can request a token using its identity.

Upvotes: 3
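The flow the steps above describe, written out as an added example (this is not code from the question or any of the answers): the Function app's managed identity requests a token for the exposed API using the API's App ID URI plus /.default, an AADSTS500011 failure is turned into a message naming the missing resource principal, and the returned token's audience is read back to confirm it was issued for the intended API. The App ID URI, class and method names are assumptions for illustration.

```csharp
// Added example, not part of the original post. The App ID URI below is an assumption;
// use whatever is registered under App registrations > Expose an API for your API.
using System;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class ApiTokenClient
{
    // Assumed App ID URI of the API the Function calls. This URI, not the APIM or Function
    // hostname, is the "resource principal" that AADSTS500011 says it cannot find.
    public const string ApiAppIdUri = "api://00000000-0000-0000-0000-000000000000";

    // The /.default scope is the App ID URI followed by "/.default". A managed identity cannot
    // consent to delegated scopes, so it receives the app roles assigned to it on the resource.
    public static string DefaultScope(string appIdUri) => appIdUri + "/.default";

    public static async Task<AccessToken> GetApiTokenAsync(TokenCredential credential, string appIdUri)
    {
        var context = new TokenRequestContext(new[] { DefaultScope(appIdUri) });
        try
        {
            return await credential.GetTokenAsync(context, default);
        }
        catch (AuthenticationFailedException ex) when (ex.Message.Contains("AADSTS500011"))
        {
            // No service principal with this identifier exists in the tenant the identity lives in.
            throw new InvalidOperationException(
                $"No service principal for '{appIdUri}' exists in this tenant. Register the app that " +
                "exposes the API (this also creates its service principal) and check that the App ID " +
                "URI matches exactly, including any trailing slash.", ex);
        }
    }

    // Reads the "aud" claim from the token payload. This is a local sanity check that the token
    // was issued for the API we asked for; it does not verify the signature, which is the API's job.
    public static string Audience(string jwt)
    {
        var payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(payload)));
        var aud = doc.RootElement.GetProperty("aud");
        // "aud" is normally a string for an app token but the claim may also be an array.
        return aud.ValueKind == JsonValueKind.Array ? aud[0].GetString()! : aud.GetString()!;
    }

    public static async Task Main()
    {
        // Deployed: DefaultAzureCredential picks up the system-assigned managed identity.
        // Locally: it falls back to the Azure CLI / IDE login, which only works if that user
        // has been granted access to the API (the "not given consent" case in step 3).
        var token = await GetApiTokenAsync(new DefaultAzureCredential(), ApiAppIdUri);
        Console.WriteLine($"aud={Audience(token.Token)} expires={token.ExpiresOn:u}");
    }
}
```

When the audience printed does not equal the App ID URI (or the API's client ID), the token will be rejected by the API even though it was issued successfully. To confirm the resource principal exists before touching code, `az ad sp show --id <App ID URI>` returns the service principal if the app registration has been created in the tenant the managed identity belongs to.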

Rahul Shukla

Reputation: 716

You need to register the application in Azure AD and enable the access token. Once that is done, you need to provide RBAC access to your xxx.azurewebsites.net


Follow this article for the step-by-step documentation: Microsoft Document Reference

Upvotes: 0
