search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.98k stars 2.96k forks source link

az bot authsetting create throws AuthorizationFailed Error #17265

Open cxbuilders opened 3 years ago

cxbuilders commented 3 years ago

When running the following command in the azure CLI:

az bot authsetting create `
            --resource-group $resourceGroupName `
            --name $botRegistration.name `
            --service Aadv2 `
            --setting-name $_.name `
            --client-id $_.clientId `
            --client-secret $_.clientSecret `
            --provider-scope-string $_.scopes `
            --parameters clientId=$($_.clientId) clientSecret=$($_.clientSecret) tenantId=$tenantId tokenExchangeUrl=api://botid-$($_.clientId)

It throws the error: The client 'xxx-xxx-xx' with object id 'xxx-xxx-xx' does not have authorization to perform action 'Microsoft.BotService/listAuthServiceProviders/action' over scope '/subscriptions/xxx-xxx-xx' or the scope is invalid. If access was recently granted, please refresh your credentials.

This does not seem to make any sense, as doing the same with an ARM template has no problems. The Account running the command has Contributor rights on the resource group level.

yonzhan commented 3 years ago

bot