Azure Blob Storage "Authorization Permission Mismatch" error for get request with AD token

Question

I am building an Angular 6 application that will be able to make CRUD operation on Azure Blob Storage. I'm however using postman to test requests before implementing them inside the app and copy-pasting the token that I get from Angular for that resource.

When trying to read a file that I have inside the storage for test purposes, I'm getting: <Code>AuthorizationPermissionMismatch</Code> <Message>This request is not authorized to perform this operation using this permission.

• All in production environment (although developing)
• Token acquired specifically for storage resource via Oauth
• Postman has the token strategy as "bearer "
• Application has "Azure Storage" delegated permissions granted.
• Both the app and the account I'm acquiring the token are added as "owners" in azure access control IAM
• My IP is added to CORS settings on the blob storage.
• StorageV2 (general purpose v2) - Standard - Hot
• x-ms-version header used is: 2018-03-28 because that's the latest I could find and I just created the storage account.

Answer 1

I found it's not enough for the app and account to be added as owners. I would go into your storage account > IAM > Add role assignment, and add the special permissions for this type of request:

• Storage Blob Data Contributor
• Storage Queue Data Contributor