“未经授权"使用Azure AD OAuth身份验证从Azure Scheduler调用API应用时 [英] "Unauthorized" when invoking an API App from Azure Scheduler with Azure AD OAuth authentication

问题描述

我有一个已通过Azure Active Directory身份验证保护的API应用程序.我想使用Azure Scheduler调用的此API应用程序的操作.我输入了租户ID，客户ID和进入计划程序"操作的机密.

I have an API App which I have secured with Azure Active Directory authentication. Actions of this API App I want to invoke with Azure Scheduler. I entered tenant id, client id & secret into the Scheduler action.

当我安排或执行工作时，我得到:

When I schedule or run the job I get:

Http Action - Response from host 'xxxx.azurewebsites.net': 'Unauthorized'

诊断应用程序日志给我:

Diagnostic application log gives me:

JWT validation failed: IDX10214: Audience validation failed. Audiences:
'https://management.core.windows.net/'. Did not match:
validationParameters.ValidAudience: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' or    
validationParameters.ValidAudiences: 'https://xxxx.azurewebsites.net'.

推荐答案

经过一番挖掘，我发现

After some digging I found this somehow related entry.

所以我真的进入了资源浏览器，一直到我的API应用程序的authsettings节点，并添加了缺少的受众条目:

So I really got into the Resource Explorer, down to the authsettings node of my API App and added the missing audience entry:

"allowedAudiences": [
  "https://xxxx.azurewebsites.net",
  "https://management.core.windows.net/"
],

问题解决了.

这篇关于“未经授权"使用Azure AD OAuth身份验证从Azure Scheduler调用API应用时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！