Authorization Issue with Azure App Configuration API

Shree 0 Reputation points
2024-04-18T12:43:59.4666667+00:00

I'm encountering an authorization problem while attempting to perform actions on the Azure App Configuration API. The error message I'm receiving is:

The client '5301c929-b34c-4022-a5a2-c3b5e4a29bdc' with object id '5301c929-b34c-4022-a5a2-c3b5e4a29bdc' does not have authorization to perform action 'Microsoft.AppConfiguration/configurationStores/keyValues/action' over scope '/subscriptions/efa07df8-98b2-49da-8b62-14c94a05dc51/resourceGroups/AzureAppConfigTest/providers/Microsoft.AppConfiguration/configurationStores/AzureAppConfigTest2024/keyValues/Testkey' or the scope is invalid. If access was recently granted, please refresh your credentials.

Steps Taken:

  1. Verified permissions for the client ID.
  2. Refreshed credentials as suggested in the error message.
  3. Checked the validity of the scope.
  4. Reviewed Azure policies to ensure they are not restricting access unintentionally.

Expected Outcome: I expect the client with the provided client ID to have the necessary permissions to perform the action specified over the given scope.

Additional Information:

  • This issue started occurring recently without any changes to permissions or configurations.
  • The application is using the Azure Active Directory OAuth2 implicit flow for authentication.
  • Any insights or guidance on resolving this issue would be greatly appreciated.
Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
209 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,532 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Navya 4,000 Reputation points Microsoft Vendor
    2024-04-29T04:42:09.31+00:00

    Hi @Shree

    Thank you for posting this in Microsoft Q&A.

    I understand you are encountering an authorization issue while attempting to perform actions on the Azure App Configuration API.

    Can you please check azure roles to your application to manage azure resources.

    Azure resource manager also exposes role based authorization for a given principal, which would give it rights on Azure resources. It appears the service principal doesn't have rights to read from that subscription.

    Go to portal and find your subscription, click on Access Control (IAM) and then click on Add role assignment with correspond service principal which you use to acquire token.

    For your reference: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote" it.

    0 comments