Closed andrewschmidgit closed 3 weeks ago
This may be related to #1584, at least when this error appears when the function app is deployed
I suspect that this may be related to a recent change to TokenCredential
such that it now expects a list of scopes as a parameter rather than a resource.
https://github.com/Azure/azure-sdk-for-rust/pull/1493
I think that the fix may be to add a /.default
suffix to the scope generated here:
https://github.com/Azure/azure-sdk-for-rust/blob/main/sdk/data_cosmos/src/authorization_policy.rs#L193
I'm running into the same issue. As @johnbatty has mentioned, it is a malformed scope for the cosmos client. You can see the correctly formatted .default
scope in the Azure SDK for Go. You can also verify this by authenticating with the scope via Azure CLI using: az login --scope https://${YOUR_ACCOUNT_NAME}.documents.azure.com/.default
.
The current scope being passed is https://${YOUR_ACCOUNT_NAME}.documents.azure.com
, which responds with the aforementioned error.
Hi!
I'm attempting to use the
DefaultAzureCredential
to authenticate to CosmosDB within an Azure function project. This is the error I am receiving when using theCosmosClient
to perform a document patch ({cosmos-db-account-name} is the actual account name):Relevant Info
az
cliAZURE_TENANT_ID
,AZURE_CLIENT_ID
,AZURE_SCOPE
, andAZURE_CLIENT_SECRET
set in mylocal.settings.json
, and have confirmed my app has access to themCargo.toml
CosmosClient
setup:Any help would be greatly appreciated, and I'm happy to provide more info as needed