3
votes

I have developed an Azure API which is secured with "log in with Azure Active Directory" configured in Express mode. In the Azure management portal, under application, I chose the registered app and, in the configure section, copied the Client ID and generated a key.

Now I need to call this API from Azure Scheduler. I configured the Authentication setting under the job's Action settings to use "Active Directory OAuth" and entered the related values for Tenant, ClientId and Secret; for Audience I left the default value, which is: https://management.core.windows.net/

But when I try to run the job, it fails: 'Unauthorized' Response Headers:... body: You do not have permission to view this directory or page.

I was wondering which part I have missed to configure?

Thanks!

1
To clarify, you created your own AAD Resource Application and AAD Client Application. You would like to get a token from the client to the resource? Or are you simply trying to get sign-in to work for your application? As in, get an ID Token? Thanks for the clarification! - Shawn Tabrizi

1 Answer

2
votes

After some more research, I finally found the answer, thanks to '"Unauthorized" when invoking an API App from Azure Scheduler with Azure AD OAuth authentication'.

  1. Browse to Azure Resource Explorer
  2. Select your API app; under config, select the authsettings node
  3. Edit "allowedAudiences" as below

    "allowedAudiences": [ "https://xxxx.azurewebsites.net", "https://management.core.windows.net/" ],
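
The fix above works because the Scheduler's token carries the Audience value from the job settings in its `aud` claim, and the API app only accepts audiences listed in `allowedAudiences`. The following is an added example, not code from the original post or from Azure: it decodes a token's payload without verifying the signature (diagnosis only) and reproduces the before/after check. The tokens are constructed sample data, the function names are hypothetical, and exact string comparison of audiences is an assumption.

```python
import base64
import json


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audiences(jwt):
    """Return the 'aud' claim of a compact JWT as a list (signature NOT verified)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    aud = json.loads(_b64url_decode(parts[1])).get("aud")
    if aud is None:
        return []
    return [aud] if isinstance(aud, str) else list(aud)


def audience_allowed(jwt, allowed_audiences):
    """True if any audience in the token appears verbatim in allowedAudiences."""
    return any(a in allowed_audiences for a in token_audiences(jwt))


def make_sample_token(aud):
    """Build a constructed, unsigned sample token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"aud": aud, "iss": "https://sts.windows.net/<tenant-id>/"}
    return ".".join([enc(header), enc(claims), "constructed-signature"])


# Audience left at the Scheduler default, as in the question.
SCHEDULER_TOKEN = make_sample_token("https://management.core.windows.net/")
# authsettings before and after the edit shown in the answer.
BEFORE = ["https://xxxx.azurewebsites.net"]
AFTER = ["https://xxxx.azurewebsites.net", "https://management.core.windows.net/"]

if __name__ == "__main__":
    print("token aud:", token_audiences(SCHEDULER_TOKEN))
    print("accepted before edit:", audience_allowed(SCHEDULER_TOKEN, BEFORE))
    print("accepted after edit: ", audience_allowed(SCHEDULER_TOKEN, AFTER))
```

To check a real job, paste the bearer token it sent in place of `SCHEDULER_TOKEN` and the list from the authsettings node in place of `AFTER`.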