I'm trying to call an Azure function from an API Management instance by using Managed Identity. I have set a System Managed Identity to my APIM instance. I have granted the Contributor role to this identity on the Azure Function App. I have also changed the App Service Authentication to AD.
Now I'm trying to call the function from an API.
I have two issues:
Maybe I'm just trying to get a token on the wrong audience, but unfortunately the audience of functions is not listed in the document (for service bus for example, there is a common URI to use, also for KeyVault, ...).
I think that I probably missed something in the picture... Thanks.
You need to use the authentication-managed-identity policy to authenticate with a backend service using the managed identity of the API Management service.
EDIT
1. In your APIM application on Azure AD, grab the Application ID assigned for enterprise application.
2. Then go to Platform features in your Azure Function App, and click on Authentication / Authorization.
3. Select Azure Active Directory as the authentication provider, and the management mode "express".
4. Back to authentication-managed-identity policy, set the Application ID from step 1 as the resource.
You need to add the URL in APIM required resource. If you're planning to use delegated flow. To check if the issue is with the URL registration you can use the AppId instead. This will at least tell you if the token can be retrieved.
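To confirm that a token obtained after step 4 carries the expected audience, the following added example (not code from the posts above) decodes a JWT payload and compares its `aud` claim with the Application ID set as the policy's resource. The function names and the sample tokens and IDs are constructed for illustration.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"

def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload without verifying the signature (diagnostic use)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_problems(jwt: str, expected_resource: str, allowed=()) -> list:
    """Return reasons the aud claim does not match; an empty list means it matches."""
    accepted = {expected_resource.lower(), *(a.lower() for a in allowed)}
    aud = decode_claims(jwt).get("aud")
    if aud is None:
        return ["token has no aud claim"]
    auds = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if any(str(a).lower() in accepted for a in auds):
        return []
    return [f"aud {aud!r} is not one of {sorted(accepted)}"]

# Constructed values, not taken from the page.
EXPECTED_APP_ID = "11111111-1111-1111-1111-111111111111"
GOOD = make_sample_token({"aud": EXPECTED_APP_ID,
                          "appid": "22222222-2222-2222-2222-222222222222"})
WRONG = make_sample_token({"aud": "https://management.azure.com/"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("WRONG", WRONG)):
        print(name, audience_problems(tok, EXPECTED_APP_ID) or "aud matches")
```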