0
votes

Hi, I have written a Java application using the Azure ARM REST API, wherein it first creates a token using the TenantID, ClientID, Username and Password, then gets all the subscriptions for that account, and we try to monitor the same. The issue is that when I try this with owner account details it works fine, but with a reader account it says:

java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '979aca5c-0be5-4727-aa08-07b3f59deb07'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 92315ce1-58df-4024-a571-d255d9254900\r\nCorrelation ID: 35f1870a-c994-47c0-a53f-b709272a9cac\r\nTimestamp: 2017-06-28 10:12:50Z","error":"invalid_grant"}

while generating the token.


2 Answers

0
votes

It seems you are using the resource owner grant flow (via username/password) to acquire a token. With this flow, users do not have any opportunity to provide consent if the username and password are passed directly. Please check the limitations of the resource owner flow here. If you are the tenant admin, you can consent for all users through admin consent. To do admin consent, please navigate to the Azure Portal and go to App Registration. Inside your app's blade, hit Grant Permissions.

0
votes

I found what the issue was: if we have a read-only account, then we need to create a native application using that account and grant permissions. Once I did this and used the read-only credentials and the newly created client ID and ran my code, it started working.
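
As an added example (not from the question or either answer, and not adal4j code): a small Java helper that parses an exception message of the shape shown in the question and flags AADSTS65001 as a consent failure that resending the same username and password cannot fix. The class and method names are hypothetical, and the sample message is constructed with placeholder IDs.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AadErrorTriage {
    private static final Pattern CODE = Pattern.compile("AADSTS(\\d+)");
    private static final Pattern OAUTH_ERROR = Pattern.compile("\"error\"\\s*:\\s*\"([a-z_]+)\"");
    private static final Pattern APP_ID = Pattern.compile("application with ID '([0-9a-fA-F-]{36})'");
    private static final Pattern CORRELATION = Pattern.compile("Correlation ID: ([0-9a-fA-F-]{36})");

    // Returns the first capture group, or "unknown" when the field is absent.
    static String first(Pattern p, String text) {
        Matcher m = p.matcher(text);
        return m.find() ? m.group(1) : "unknown";
    }

    // Turns the exception message into an operator-facing diagnosis.
    // Only identifiers are extracted; credentials are never part of the output.
    static String triage(String message) {
        String code = first(CODE, message);
        String context = " [error=" + first(OAUTH_ERROR, message) + ", AADSTS" + code
                + ", correlation=" + first(CORRELATION, message) + "]";
        if ("65001".equals(code)) {
            // Consent is missing and the username/password flow cannot prompt for it,
            // so retrying with the same credentials will keep failing.
            return "Consent missing for client " + first(APP_ID, message)
                    + ": have a tenant admin grant permissions on the app registration,"
                    + " or send an interactive authorization request. Do not retry." + context;
        }
        return "Token request failed; look up the AADSTS code before retrying." + context;
    }

    public static void main(String[] args) {
        // Constructed sample in the shape of the error in the question; all IDs are placeholders.
        String sample = "com.microsoft.aad.adal4j.AuthenticationException: {\"error_description\":"
                + "\"AADSTS65001: The user or administrator has not consented to use the application"
                + " with ID '00000000-0000-0000-0000-000000000000'. Send an interactive authorization"
                + " request for this user and resource.\\r\\nTrace ID: 11111111-1111-1111-1111-111111111111"
                + "\\r\\nCorrelation ID: 22222222-2222-2222-2222-222222222222\\r\\n"
                + "Timestamp: 2017-01-01 00:00:00Z\",\"error\":\"invalid_grant\"}";
        System.out.println(triage(sample));
    }
}
```

Logging the correlation ID alongside the AADSTS code gives the tenant admin what they need to find the failed sign-in without the application ever writing the username or password to its logs.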