天蓝色无法访问密钥库以发布可验证的凭据

Question

I'm trying to use Azure's sample code for issuing and verifying Verifiable Credentials in Nodejs. I've followed the tutorial , and manage to setup a Verifiable Credential preview, as in the example. But when I run the run.sh script and I scan the generated qr code in my microsoft-authenticator app I get the following exception in my app:

INFO/DID_SDK/: HttpError: 403 body: {"requestId":"myRequestId", "date":"currentDate", "mscv":"myMscv", "error":{"code":"Forbidden", "message":"Unable to access Keyvault resource with given credentials."}}

Answer 1

The error 403 forbidden usually occurs if you don't have required permissions to access the requested resource (in your case Key Vault).

Please check whether you have set access policies for the Key Vault before setting up verifiable credentials. If not, set it like below:

Go to Azure portal -> Go to key vault settings -> Access policies -> Add access policies -> User -> Select account -> Add key permissions.

You should not modify the keys and secrets once created. Modifying keys and secrets will invalidate credentials. Check this Microsoft Article .

Make sure to set access policies in your key vault for both the administrator account of the Azure AD Verifiable Credentials service and for the Request Service API principal that you created.

There is also a possibility to get this error if firewall policy is enabled.

Turn on Azure Key Vault logging that will give you the reason behind the error ( Access policy/Firewall policy ).

Based on the reason, you can troubleshoot by following the below reference :

HTTP 403: Troubleshooting - Azure Key Vault | Microsoft Docs

AZIdentity | Key Vault Firewall access by Azure App Services