management.azure.com/providers/Microsoft.Capacity/reservationOrders PassthroughTokenValidationFailed Error
I'm trying to list reservation orders for a dummy customer on microsoft azure portal sandbox. The customer has already an azure plan and a reserved instance subscription. I was able to consent the application with which I try to access GET: https://management.azure.com/providers/Microsoft.Capacity/reservationOrders?api-version={{api_version}} All of the relevant permissions are granted to the application accessing my tenant's directory.
I'm also able to get an authentication token. But when I request the URL in the title, I get the following error:
{
"error": {
"code": "PassthroughTokenValidationFailed",
"message": "Token validation failed. A passthrough token was detected without proper resource provider context - request correlation identifier 'correlation id'"
}
}
Any ideas about this kind of error ? I did not find any relevant resources neither on microsoft forums nor here.
I tried to get a token from my customer azure AD. Which I did. I expected the token to work properly. But it didn't. Getting "PassthroughTokenValidationFailed" when prompting a GET api from Microsoft.Capacity
The error "PassthroughTokenValidationFailed" usually occurs due to passthrough sign-ins that is if the user does not have the access to the tenant. Refer this MsDoc.
I created an Azure AD application and granted API permissions:
I tried to login with the user account that exists in the tenant:
Generated access token via Postman by using below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
grant_type:authorization_code
scope:https://management.azure.com/user_impersonation
code:code
redirect_uri:https://jwt.ms
client_secret:ClientSecret
Make sure to decode the access token and check the below:
If still the issue persists, check the below:
- Assign reader role to the user you are using to sign-in.
- Or assign reader role to the service principal.
- Make use of other user account to generate the token and call the API.
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday