quervernetzt
Reputation: 11651
Azure Managed Identity: DefaultAzureCredential: Regional Cache Auth Service token requests for flows that require encrypted tokens are forbidden
I have a C# / .NET Core Azure Function with a system managed identity. I want to use this identity to get a token to interact with another service. For this I use DefaultAzureCredential -> GetTokenAsync from Azure.Identity.
But when I try that I get the following error:
ManagedIdentityCredential authentication failed: Service request failed.\nStatus: 400 (Bad Request)\n\nContent:\n{"exceptionMessage":"AADSTS100009: Regional Cache Auth Service token requests for flows that require encrypted tokens are forbidden."
Why is this happening and how can I resolve this issue?
Thanks
Upvotes: 0
Views: 1018
Answers (1)
quervernetzt
Reputation: 11651
For some reason (maybe someone can explain why) after removing .default from the scope it worked.
Upvotes: 0
Related Questions
- Microsoft identity platform and OAuth 2.0 authorization code flow (PKCE) - Error "AADSTS700025"
- Azure Function: DefaultAzureCredential.GetTokenAsync fails when running locally
- Managed service identity must be configured to use authentication-token policy
- Azure: How to fix "The policy requires the caller '...' to use on-behalf-of (OBO) flow" when accessing Key Vault from App Service?
- Using Managed Identity in Azure Pipelines: GetUserAccessToken: Failed to obtain an access token of identity. AAD returned silent failure
- Azure.RequestFailedException in Azure.Security.KeyVault.Secrets
- On behalf of flow returns AADSTS50013: Assertion failed signature validation
- Azure managed identity error - Could not find identity for access token
- On behalf of flow returns AADSTS50013 Assertion failed signature validation. Reason - The key was not found
- DefaultAzureCredentials fails to pickup credentials in MangedIdentity AKS