I am trying to acquire an access token for the system-assigned managed identity of my web app. Here’s the code I tried:

DefaultAzureCredential cred = new DefaultAzureCredential(new DefaultAzureCredentialOptions()
{ 
    ManagedIdentityClientId = Constants.ManagedIdentityId,
});
var accessToken = cred.GetToken(new TokenRequestContext(new[] { "https://management.azure.com" }));

When I try to use this access token to access the API Management REST API, I get the following error:

The access token is from the wrong issuer ‘https://sts.windows.net/TENANT_ID1/’. It must match the tenant ‘https://sts.windows.net/TENANT_ID2/’ associated with this subscription. Please use the authority (URL) ‘https://login.windows.net/TENANT_ID2’ to get the token.

How/where do I set the Tenant ID?

NB: At this stage I’m running the code on my dev machine in Visual Studio.

2 Answers


  1. Chosen as BEST ANSWER

    Found the (rather easy) solution minutes after posting this question. All that has to be done is to specify the tenant ID when creating the DefaultAzureCredential:

    DefaultAzureCredential cred = new DefaultAzureCredential(new DefaultAzureCredentialOptions()
    { 
        TenantId = Constants.TENANT_ID,
        ManagedIdentityClientId = managedIdentityId,
    });
    

  2. For system-assigned managed identity, it is unnecessary to set the object ID of your managed identity to ManagedIdentityClientId.
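
An added example, not part of the original question or answers: it sets TenantId as in the first answer, then checks the token's tid claim against the expected tenant before the token is used, so a token from the wrong tenant fails on the client instead of at the REST API. The class name, the ReadClaim helper, the placeholder tenant GUID and the `/.default` form of the scope are assumptions of this example.

```csharp
// Added example, not from the original post. The tenant GUID is a placeholder.
using System;
using System.Text;
using System.Text.Json;
using Azure.Core;
using Azure.Identity;

public static class TenantCheckedToken
{
    // Placeholder: the tenant that owns the target subscription (TENANT_ID2 in the error).
    private const string ExpectedTenantId = "00000000-0000-0000-0000-000000000000";

    public static AccessToken Acquire()
    {
        var cred = new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            TenantId = ExpectedTenantId,
        });
        AccessToken token = cred.GetToken(
            new TokenRequestContext(new[] { "https://management.azure.com/.default" }));

        // Fail locally, before the token is sent anywhere, if another tenant issued it.
        string tid = ReadClaim(token.Token, "tid");
        if (!string.Equals(tid, ExpectedTenantId, StringComparison.OrdinalIgnoreCase))
        {
            string iss = ReadClaim(token.Token, "iss");
            throw new InvalidOperationException(
                $"Token issued by tenant '{tid}' (iss={iss}), expected '{ExpectedTenantId}'.");
        }
        return token;
    }

    // Reads one string claim from the JWT payload. Diagnostic only: the signature is
    // not verified here; the resource API remains the party that validates the token.
    public static string ReadClaim(string jwt, string claim)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT.");
        // Convert base64url to standard base64 and restore the stripped padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.TryGetProperty(claim, out JsonElement v) ? v.GetString() ?? "" : "";
    }
}
```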
