0

I have been trying to call the azure resource manager api to get a list of the resources in a subscription but as soon as I call the method , it gives me an error and the user isn't able to authenticate and gives out a scope not found error " The application 'Partner Center Web App 3' asked for scope 'user_impersonation' that doesn't exist on the resource"

and " invalid_client: AADSTS650053: The application 'Partner Center Web App 3' asked for scope 'user_impersonation' that doesn't exist on the resource"

I have shared the method I am trying to call ()

fetchAzureResources() {
  this.msalservice.acquireTokenSilent({ scopes: ['https://management.azure.com/user_impersonation'] }).subscribe((response) => {
    const accessToken = response.accessToken;

    this.httpClient.get(`https://management.azure.com/subscriptions?api-version=2014-04-01`, {
      headers: {
        Authorization: `Bearer ${accessToken}`
      }
    }).subscribe((data: any) => {
      this.resources = data.value;
      // this.dataSource.data = this.resources; // Update table data
    });
  });
}
}

Though the tokens are being generated

token

I tried adding the scope "https://management.azure.com/user_impersonation" it does generate the token but I am not able to call the "https://management.azure.com/subscriptions/xxxxxxxxxxxxxxxxxxxxxxxx/resources?api-version=2021-04-01"

Improve this question
8
  • Have you grant the permission in the application?
    – Dasari Kamali
    Commented May 17 at 5:02
  • @DasariKamali Yes I have but now it is throwing this error " error": "invalid_grant", "error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID '754f0ec3-7f2d-49a4-8b88-ad10f5fcb6sf' named 'Portal APP'. Can you check if the endpoints that I am using are the correct end points ?
    – p0stdelay
    Commented May 17 at 8:21
  • You should grant admin consent to the API permission as I gave in the screenshot in my answer.
    – Dasari Kamali
    Commented May 17 at 8:27
  • @DasariKamali I did but it still throws the same error
    – p0stdelay
    Commented May 17 at 9:45
  • 1
    @DasariKamali Yes , it worked for me . Thanks
    – p0stdelay
    Commented Jun 27 at 10:48

1 Answer 1

Reset to default
0

The application 'Partner Center Web App 3' asked for scope 'user_impersonation' that doesn't exist on the resource" and " invalid_client: AADSTS650053: The application 'Partner Center Web App 3' asked for scope 'user_impersonation' that doesn't exist on the resource

The error you face is authentication and authorization issues while accessing Azure Resource Manager API from your Angular web app. The error message suggests that the scope 'user_impersonation' is not recognized by the Azure resource you are trying to access.

You should assign the reader role to the app as below,

enter image description here

Add the below permissions to the app.

enter image description here

Code :

fetchAzureResources() {
  this.msalservice.acquireTokenSilent({ scopes: ['https://management.azure.com/user_impersonation'] }).subscribe((response) => {
    const accessToken = response.accessToken;
    this.httpClient.get(`https://management.azure.com/subscriptions?api-version=2014-04-01`, {
      headers: {
        Authorization: `Bearer ${accessToken}`
      }
    }).subscribe((data: any) => {
      this.resources = data.value;
      // this.dataSource.data = this.resources;
    });
  });
}
}
Improve this answer
0

Not the answer you're looking for? Browse other questions tagged or ask your own question.