Azure API Management + Service Bus topic : Error 40104: Invalid authorization token audience
Question
I am trying to publish push messages to an Azure Service Bus Topic through Azure API Management. I can do that alright with SAS authentication, but now I would like to rely on a Managed Service Identity.
I am able to retrieve an OAuth token with this policy :
<authentication-managed-identity resource="https://my-namespace.windows.net/" output-token-variable-name="sb-msi-access-token" ignore-error="false" />
But when I push the message to the topic (on https://my-namespace.servicebus.windows.net/mytopic/messages ), I get a frustrating 40104: Invalid authorization token audience .
If I try and request a token for the following ressource : https://my-namespace.servicebus.windows.net/my-topic or even https://my-namespace.servicebus.windows.net/my-topic/messages , I get the following error :
The resource principal named https://my-namespace.servicebus.windows.net/orders was not found in the tenant
Any idea what I am missing?
1 answers
solution1
1 ACCPTED 2019-12-05 21:01:37
Found what the problem was : I was too quick reading the documentation, and it appears I was specifying the wrong ressource.
In the end, the specified resource must be https://servicebus.azure.net , whatever the service bus namespace or the queue / topic :
<authentication-managed-identity resource="https://servicebus.azure.net/" output-token-variable-name="sb-msi-access-token" ignore-error="false" />
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.