I'm quite lost here. For some reason, almost all documentation relating to my problems are bringing up a 404.
I'm trying to programmatically access Azure AI Video Indexer. I've downloaded (and slightly modified) the ARM API example from the github here:
https://github.com/Azure-Samples/media-services-video-indexer/tree/master/API-Samples/C%23/ArmBased
And set up my Azure resources. I created a Video Indexer service, as well an Entra ID app registration with the following permissions:
When I try to use the code to get an account access token (code):
public static class AccountTokenProvider
{
private static readonly string clientId = "removed";
private static readonly string clientSecret = "removed";
private static readonly string tenantId = "removed";
public static async Task<string> GetArmAccessTokenAsync(CancellationToken ct = default)
{
var tokenRequestContext = new TokenRequestContext(new[] { $"{Consts.AzureResourceManager}/.default" });
var options = new TokenCredentialOptions
{
AuthorityHost = new Uri($"https://login.microsoftonline.com/{tenantId}")
};
var credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
//var tokenRequestResult = await new DefaultAzureCredential().GetTokenAsync(tokenRequestContext, ct);
var tokenRequestResult = await credential.GetTokenAsync(tokenRequestContext, ct);
return tokenRequestResult.Token;
}
public static async Task<string> GetAccountAccessTokenAsync(string armAccessToken, ArmAccessTokenPermission permission = ArmAccessTokenPermission.Contributor, ArmAccessTokenScope scope = ArmAccessTokenScope.Account, CancellationToken ct = default)
{
var accessTokenRequest = new AccessTokenRequest
{
PermissionType = permission,
Scope = scope
};
try
{
var jsonRequestBody = JsonSerializer.Serialize(accessTokenRequest);
Console.WriteLine($"Getting Account access token: {jsonRequestBody}");
var httpContent = new StringContent(jsonRequestBody, System.Text.Encoding.UTF8, "application/json");
// Set request uri
var requestUri = $"{Consts.AzureResourceManager}/subscriptions/{Consts.SubscriptionId}/resourcegroups/{Consts.ResourceGroup}/providers/Microsoft.VideoIndexer/accounts/{Consts.ViAccountName}/generateAccessToken?api-version={Consts.ApiVersion}";
var client = HttpClientUtils.CreateHttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", armAccessToken);
var result = await client.PostAsync(requestUri, httpContent, ct);
Console.WriteLine(await result.Content.ReadAsStringAsync());
result.EnsureSuccessStatusCode();
var jsonResponseBody = await result.Content.ReadAsStringAsync(ct);
Console.WriteLine($"Got Account access token: {scope} , {permission}");
return JsonSerializer.Deserialize<GenerateAccessTokenResponse>(jsonResponseBody)?.AccessToken!;
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
throw;
}
}
}
I get a 403 forbidden error.
{"error":{"code":"AuthorizationFailed","message":"The client '[shows enterprise app id]' with object id '[exact same enterprise app id here]' does not have authorization to perform action 'Microsoft.VideoIndexer/accounts/generateAccessToken/action' over scope '/subscriptions/[correct subscription id]/resourcegroups/[correct resource group name]/providers/Microsoft.VideoIndexer/accounts/[correct AI video indexer account name]' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
Any thoughts? I'm totally stumped here.