Closed billziss-gh closed 1 year ago
FYI some further debugging into the guts of Microsoft.Devices.HardwareDevCenterManager.Utility.AuthorizationHandler reveals that the error is 900023.
And yet (I think) I have specified the correct tenantId as reported by the Partner Center UI.
Hey @billziss-gh, if you are using a valid GUID for the tenant ID then that should be correct.
[
  {
    "clientId": "guid",
    "key": "string",
    "tenantId": "guid",
    "url": "https://manage.devcenter.microsoft.com",
    "urlPrefix": "v2.0/my"
  }
]
Could you provide more information or a link to the docs in regard to your comment "the administration user interface as it is currently presented by the hardware dashboard"?
If you feel you have everything configured correctly and are still having issues, you may need to contact Partner Center Support.
Hey @billziss-gh, if you are using a valid GUID for the tenant ID then that should be correct.
I am using the same "tenant" GUID as it appears in both the "Microsoft Partner Center", but also "Microsoft Azure Portal" at portal.azure.com.
- You've associated your app registration in Partner Center?
I am uncertain what that means.
I have a (double) app registration that looks like pic below:
(FYI I only did a single app registration.)
- Have you verified the credentials are being passed into the call correctly?
I have used the debugger to trace through the ObtainAccessToken method in Microsoft.Devices.HardwareDevCenterManager.Utility.AuthorizationHandler and it appears to me that the tenantId, clientId and key are copied correctly. Nevertheless this call fails with status code 400 and content:
"{\"error\":\"invalid_request\",\"error_description\":\"AADSTS900023: Specified tenant identifier 'XXXX' is neither a valid DNS name, nor a valid external domain.\\r\\nTrace ID: 996b0fb1-5da4-48ef-a29b-a30353aa0a00\\r\\nCorrelation ID: 9f7ea65b-b857-43c4-b034-62d817581d40\\r\\nTimestamp: 2023-02-02 18:12:17Z\",\"error_codes\":[900023],\"timestamp\":\"2023-02-02 18:12:17Z\",\"trace_id\":\"996b0fb1-5da4-48ef-a29b-a30353aa0a00\",\"correlation_id\":\"9f7ea65b-b857-43c4-b034-62d817581d40\",\"error_uri\":\"https://login.microsoftonline.com/error?code=900023\"}"
- Have you been able to make any other calls successfully?
No.
Could you provide more information or a link to the docs in regard to your comment
I do not recall all the details, but (I think that) the docs do not mention the "Reply URL" and "App ID URI" fields required for app registration.
BTW this account was automatically migrated from the original sysdev portal. I am not sure if this makes any difference.
For number 1, yes that is what I was referring to. Looks like you do have the Azure AD Apps Type. I would reach out to Partner Center support and see if they can clarify anything further about your account and registered app.
Here is the link, if you need it. Learn \ Partner Center Docs \ Help + support \ Get help and contact support in Partner Center
With the latest release I am able to run commands without any issues. Maybe try the call from Postman and see if you get the same result.
@Ben-Carpenter thanks. I will contact support.
Regarding the "Reply URL" and "App ID URI" fields that were requested during registration, do you have any advice what to use? I used http://localhost for "Reply URL" and api://SDMC for "App ID URI". Perhaps you have better suggestions?
There are different options for passing the creds to the DevCenterCredentialsHandler to get a valid token which is handled by the tool to use in the AuthorizationHandler. To the best of my knowledge, nothing is required for the App Registration > Platform configurations if using this tool as-is.
It turns out that if I use the tenant domain name (i.e. MYCOMPANYNAME.onmicrosoft.com) instead of the tenant GUID, I am able to retrieve a token and use the API.
Now this may be because I messed up with lots of app settings in the Azure portal. But at least that's progress!
Good to hear! Thanks for reporting back in case others run into the same issue. I will go ahead and close this one out for now.
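An offline pre-flight check for the situation in this thread, added here as an example (it is not part of SDCM and not from any participant's post): it classifies each tenantId in authconfig.json as GUID, domain name or neither, and pulls the error codes and IDs out of an AADSTS error body for a support ticket. The function names and the sample body's placeholder IDs are constructed; treating stray whitespace or braces as invalid is an assumption about how a correct-looking GUID can still be rejected.

```python
import json
import re
import uuid

# Constructed sample in the shape of the 400 body quoted in the thread (placeholder IDs).
SAMPLE_ERROR_BODY = json.dumps({
    "error": "invalid_request",
    "error_description": "AADSTS900023: Specified tenant identifier 'XXXX' is neither "
                         "a valid DNS name, nor a valid external domain.\r\nTrace ID: ...",
    "error_codes": [900023],
    "trace_id": "00000000-0000-0000-0000-000000000001",
    "correlation_id": "00000000-0000-0000-0000-000000000002",
})
DNS_NAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify_tenant(value):
    """Return 'guid', 'domain' or 'invalid' for a tenantId string."""
    if not isinstance(value, str) or value != value.strip():
        return "invalid"  # assumption: pasted whitespace is a likely hidden defect
    try:
        if str(uuid.UUID(value)) == value.lower():
            return "guid"  # canonical 8-4-4-4-12 form only, no braces or urn: prefix
    except ValueError:
        pass
    return "domain" if DNS_NAME.match(value) else "invalid"

def check_authconfig(text):
    """Return a list of problems found in an authconfig.json document."""
    problems = []
    for i, entry in enumerate(json.loads(text)):
        for field in ("clientId", "key", "tenantId", "url", "urlPrefix"):
            if not entry.get(field):
                problems.append(f"entry {i}: missing {field}")
        if entry.get("tenantId") and classify_tenant(entry["tenantId"]) == "invalid":
            problems.append(f"entry {i}: tenantId is neither a GUID nor a DNS name")
    return problems

def summarize_aad_error(body):
    """Extract the fields worth quoting in a support ticket from an AAD error body."""
    data = json.loads(body)
    return {
        "codes": data.get("error_codes", []),
        "trace_id": data.get("trace_id"),
        "correlation_id": data.get("correlation_id"),
        "message": data.get("error_description", "").split("\n")[0].strip(),
    }
```

Running check_authconfig on the unedited README template reports the placeholder tenantId, which is a quick way to catch a config file that was never filled in.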
I am attempting to configure and use SDCM to manage attestation submissions for WinFsp. Unfortunately when I run SDCM with options -v --list=product I receive the following error (after some delay):
Running Fiddler with HTTPS decryption reveals that manage.devcenter.microsoft.com has failed with a 500 error:
Request:
Response:
The Authorization: Bearer header looks incorrect to me. So this is likely some auth misconfiguration on my part, although I have populated authconfig.json as per the instructions in your README. (I note that some of the README instructions do not appear to match the administration user interface as it is currently presented by the hardware dashboard.)
My authconfig.json: