1

I am using Node.js to authenticate into Azure AD to create a Data Lake storage account. It logs in, but for the account creation it gives the error: code: 'InvalidAuthenticationTokenTenant', message: 'The access token is from the wrong issuer \'https://sts.windows.net\'. It must match the tenant \'https://sts.windows.net/\' associated with this subscription.

var msRestAzure = require('ms-rest-azure');
var adlsManagement = require('azure-arm-datalake-store');
var util = require('util');

// Interactive login; no tenant (domain) is specified in this call.
msRestAzure.interactiveLogin(function (err, credentials) {
  if (err) {
    console.error(err);
    return;
  }

  var resourceGroupName = 'testrg';
  var accountName = 'testadlsacct';
  var location = 'eastus2';
  var pathToEnumerate = '/myfolder';

  // The second argument is the (redacted) subscription ID.
  var acccountClient = new adlsManagement.DataLakeStoreAccountClient(credentials, 'dxxxxxxx-dxxx-4xxx-bxxx-5xxxxxxxxx');
  var filesystemClient = new adlsManagement.DataLakeStoreFileSystemClient(credentials);

  var accountToCreate = {
    tags: {
      testtag1: 'testvalue1',
      testtag2: 'testvalue2'
    },
    name: accountName,
    location: location
  };

  var client = new adlsManagement.DataLakeStoreAccountClient(credentials, 'dxxxxxxxx-xxx-xxxx--xxxxxx');
  // This is the call that returns InvalidAuthenticationTokenTenant.
  client.account.create(resourceGroupName, accountName, accountToCreate, function (err, result, request, response) {
    // other code here
  });
});
Matt H

1 Answer

4

Taking a look at how ms-rest-azure's msRestAzure.interactiveLogin function is written, it appears that there's a "domain", or tenant, parameter that you can pass in the event that you are a member of more than one Azure Active Directory (tenant).

You should pass in the tenant that is tied to your subscription. This should be given to you in the full, current error message that you get. The tenant may look like "contoso.com", "contoso.onmicrosoft.com", or it could be a GUID.

This disambiguates your authentication call by explicitly mentioning which directory should be used.

I hope this helps!

Matt H
  • Hi, yes I had to log in from the service admin account and then perform the authentication. – Sushmita singh Sep 10 '16 at 07:48
  • 1
    The issue is resolved after passing the tenant id as suggested. However, I now have to invoke interactiveLogin and open the browser twice in order to get the credential needed. Do you have any idea how I can avoid authenticating twice? Thank you. – Nuntipat Narkthong Jan 19 '19 at 13:17
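
The answer above says the tenant to pass is named in the full error message. As an added example (not part of the original answer or comments, and not ms-rest-azure's own code), this Node.js snippet extracts both tenant GUIDs from such a message and checks a token's `tid` and `iss` claims against the expected tenant before any management call is made. The GUIDs, the error text, the unsigned token and all function names are constructed for illustration.

```javascript
// Added example. All GUIDs, the error text and the token below are constructed.
const STS_RE = /https:\/\/sts\.windows\.net\/([0-9a-f-]{36})/gi;

// An InvalidAuthenticationTokenTenant message names two issuers: first the
// tenant that issued the token, then the tenant tied to the subscription.
function tenantsFromError(message) {
  const ids = Array.from(message.matchAll(STS_RE), (m) => m[1].toLowerCase());
  return ids.length === 2 ? { tokenTenant: ids[0], subscriptionTenant: ids[1] } : null;
}

// Decode (not verify) the JWT payload; for local diagnostics only.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// True when the token's tid and iss claims both point at the expected tenant.
function tokenMatchesTenant(jwt, tenantId) {
  const claims = decodeClaims(jwt);
  const want = tenantId.toLowerCase();
  const iss = String(claims.iss || '').toLowerCase().replace(/\/$/, '');
  return String(claims.tid || '').toLowerCase() === want &&
    iss === 'https://sts.windows.net/' + want;
}

// Constructed sample data (unsigned token, made-up tenant GUIDs).
const HOME = '11111111-1111-4111-8111-111111111111';
const SUB = '22222222-2222-4222-8222-222222222222';
function fakeToken(tid) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'none' }), enc({ iss: `https://sts.windows.net/${tid}/`, tid }), 'sig'].join('.');
}
const sampleError = 'The access token is from the wrong issuer ' +
  `'https://sts.windows.net/${HOME}/'. It must match the tenant ` +
  `'https://sts.windows.net/${SUB}/' associated with this subscription.`;

const found = tenantsFromError(sampleError);
console.log('pass as domain:', found.subscriptionTenant);
console.log('default-tenant token ok?', tokenMatchesTenant(fakeToken(HOME), SUB));
console.log('tenant-scoped token ok?', tokenMatchesTenant(fakeToken(SUB), SUB));
// With ms-rest-azure, the value goes in the options argument:
//   msRestAzure.interactiveLogin({ domain: found.subscriptionTenant }, callback);
```

The decode step skips signature validation on purpose, so use it only to inspect a token you already hold, never to make a trust decision.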