Closed patmci closed 1 year ago
@patmci Can you try generating the access token with scope "https://cnt-prod.loadtesting.azure.com/.default"? I assume the token generated did not use any scope/audience
@patmci... does your app have the required roles? can you refer this
Hi, thanks for this - I can confirm that the App has the contributor role on Load Test
@patmci Can you try generating the access token with scope "https://cnt-prod.loadtesting.azure.com/.default"? I assume the token generated did not use any scope/audience
How would I add a scope like this in an Azure App Registration?
The token has an audience of "aud": "https://management.azure.com/" currently
@Harshan01 can you please help with this?
Thanks I got this working. I needed token with a resource of https://management.azure.com/ to create the load test. As per @Harshan01 I was missing the scope https://cnt-prod.loadtesting.azure.com/.default for the PATCH operation.
So I ended up with 2 tokens, 1 with the resource in the header to get the dataplaneuri from LoadTest and one with the scope in the header using the dataplaneuri to create the test
Describe the bug I am using an Azure App Registration to create Azure Load Tests. I am able to create a Load Test and retrieve it. However when I attempt to create a test on that load test using the dataPlaneUri, I am denied access. My App has scopes for loadtests.read and loadtests.write.
To Reproduce
Error message Bearer error="invalid_token", error_description="S2S17001: SAL was able to validate the protocol, but validation failed as none of the inbound policies were satisfied. Validation failures: '6ddb9c11-a689-43ec-b923-c673c49dea0c: InvalidAudience."
Additional context My bearertoken will allow me to create the load tests, but not to create the tests on the load test.
AB#1680254