Hi,
We are currently working on a .NET web API project that will be deployed into AKS, and we are using workload identity with managed identity federation. In our API, we need to call a downstream API. I'm wondering, do we have to use the client secret or certificate to authenticate our app in order to call the downstream API? Can we use the configuration below in our appsetting.json so that we don't have to rely on any secret or certificate? I tried this in our local kind cluster, but we are getting the error below. Any help is greatly appreciated. Thank you!
```json
"AzureAd": {
  "Instance": "https://login.microsoftonline.com",
  "TenantId": "xxxxxxxxx",
  "ClientId": "xxxxxxx",
  "Audience": "xxxxxxxx",
  "ClientCredentials": [
    {
      "SourceType": "SignedAssertionFromManagedIdentity"
    }
  ]
}
```
```json
{"error":"invalid_client","error_description":"AADSTS700222: AAD-issued tokens may not be used for federated identity flows.\r\nTrace ID: xxxxxxxxx\r\nCorrelation ID: xxxxxxxxxxxxxx\r\nTimestamp: 2023-10-11 21:02:40Z","error_codes":[700222],"timestamp":"2023-10-11 21:02:40Z","trace_id":"xxxxxxxxxxxxxxxxxxx","correlation_id":"xxxxxxxxxxxxxxxxxxxx","error_uri":"https://login.microsoftonline.com/error?code=700222"}
```