1

I'm trying to obtain an authorization code and token to access a time series environment.

I created an application in Azure Active Directory and gave it access to the time series environment by following the instructions in this link. After that I got my client_id (Application Id) , client_secret (Application Key) and my tenant id.

Then I tried to follow the instructions in this link and I'm trying to obtain the authentication code for the resource "https://api.timeseries.azure.com/" in my browser. The address that I insert in my browser is something like this:

https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id={client_id}&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2F&response_mode=query&resource=https%3A%2F%2Fapi.timeseries.azure.com%2F&state=12345

I tripled checked the values and it seems to me that everything is correct, but I keep getting the following error in my browser:

AADSTS65005: Invalid resource. The client has requested access to a resource 
which is not listed in the requested permissions in the client's application 
registration. Client app ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Resource 
value from request: https://api.timeseries.azure.com/. Resource app ID: 
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. List of valid resources from app 
registration: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

Thanks for any help.

Daniel Serrão
  • 481
  • 1
  • 6
  • 17
  • Just to make sure inside the Azure Portal, did you add the timeseries resource to your apps permissions? – Daniel Dobalian Oct 10 '17 at 23:44
  • Hi Daniel, thanks for the response. In the Time series environment page, I added the registered App in the Data Access Policies section. In Azure Active Directory -> Apps Registration -> Timeseries Environment -> Settings -> Required permissions -> Add API access -> Select an API, I don't see any API related to the time series resource. – Daniel Serrão Oct 11 '17 at 07:25

1 Answers1

2

Finally discovered what was the problem. I'm kind of a noob with microsoft azure but finally understood.

The problem was that the parameter resource had the value "https://api.timeseries.azure.com/" when it should have the application id of the registered App (Service Principal) of the resource that I'm trying to access.

I also needed to create another registered App to be the client and added the registered App of my resource in the Required permissions. I missed this step because when trying to add API's to the required permissions it didn't showed the registered App name of my resource unless I used the filtering with the initial characters of the name as you can see in https://blog.hompus.nl/2017/03/25/missing-azure-apis-when-adding-permissions-to-an-azure-ad-app/ .

In this case the client_id parameter should have Application ID of the registered App of the client.

After that I inserted the address with the correct values in my browser, confirmed the access and the browser returned the auth code.

Daniel Serrão
  • 481
  • 1
  • 6
  • 17
  • In the search box, just copy paste the Client ID shown in the error message, you will get the API name, add the permission and wait for 10 sec and test again. Thank you, it worked for me. – Rathish Kumar B Sep 18 '19 at 08:19