how to authenticate to Azure time series insights query API?











up vote
0
down vote

favorite












I keep getting a AuthenticationFailed error with a InvalidAuthenticationTokenAudience inner error when attempting to query the /environments endpoint.



I have already created an app in the Azure Active Directory, given it access in the time series insights management portal and I can already get an Oauth 2.0 Access token from the auth URL.



I have tried giving the token url the 'https://api.timeseries.azure.com/' resource/audience/scope but the API keeps returning the same error message:




{
"error": {
"code": "AuthenticationFailed",
"message": "Server failed to authenticate the request. The token has been obtained from wrong audience or resource.",
"innerError": {
"code": "InvalidAuthenticationTokenAudience",
"message": "The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should
exactly match (including forward slash) with one of the allowed
audiences 'https://api.timeseries.azure.com/'."
}
} }




I'm using Postman with the Oauth 2.0 authentication type, the client credentials Grant Type and send as basic Auth Header option for the token request.



Has anyone tried this with success?



Update 01:
The decoded (using JWT as suggested in comments) payload portion of one of the tokens shows the that the aud field is 00000002-0000-0000-c000-000000000000. Which is definitely wrong.










share|improve this question
























  • Could you decode your access token in jwt.io and provide the result in your question?
    – Joy Wang
    Nov 8 at 3:03










  • @JoyWang The aud field has the wrong value (see question Update 01), but what else do you want to know from the decoded token?
    – pablete
    Nov 8 at 12:43















up vote
0
down vote

favorite












I keep getting a AuthenticationFailed error with a InvalidAuthenticationTokenAudience inner error when attempting to query the /environments endpoint.



I have already created an app in the Azure Active Directory, given it access in the time series insights management portal and I can already get an Oauth 2.0 Access token from the auth URL.



I have tried giving the token url the 'https://api.timeseries.azure.com/' resource/audience/scope but the API keeps returning the same error message:




{
"error": {
"code": "AuthenticationFailed",
"message": "Server failed to authenticate the request. The token has been obtained from wrong audience or resource.",
"innerError": {
"code": "InvalidAuthenticationTokenAudience",
"message": "The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should
exactly match (including forward slash) with one of the allowed
audiences 'https://api.timeseries.azure.com/'."
}
} }




I'm using Postman with the Oauth 2.0 authentication type, the client credentials Grant Type and send as basic Auth Header option for the token request.



Has anyone tried this with success?



Update 01:
The decoded (using JWT as suggested in comments) payload portion of one of the tokens shows the that the aud field is 00000002-0000-0000-c000-000000000000. Which is definitely wrong.










share|improve this question
























  • Could you decode your access token in jwt.io and provide the result in your question?
    – Joy Wang
    Nov 8 at 3:03










  • @JoyWang The aud field has the wrong value (see question Update 01), but what else do you want to know from the decoded token?
    – pablete
    Nov 8 at 12:43













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I keep getting a AuthenticationFailed error with a InvalidAuthenticationTokenAudience inner error when attempting to query the /environments endpoint.



I have already created an app in the Azure Active Directory, given it access in the time series insights management portal and I can already get an Oauth 2.0 Access token from the auth URL.



I have tried giving the token url the 'https://api.timeseries.azure.com/' resource/audience/scope but the API keeps returning the same error message:




{
"error": {
"code": "AuthenticationFailed",
"message": "Server failed to authenticate the request. The token has been obtained from wrong audience or resource.",
"innerError": {
"code": "InvalidAuthenticationTokenAudience",
"message": "The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should
exactly match (including forward slash) with one of the allowed
audiences 'https://api.timeseries.azure.com/'."
}
} }




I'm using Postman with the Oauth 2.0 authentication type, the client credentials Grant Type and send as basic Auth Header option for the token request.



Has anyone tried this with success?



Update 01:
The decoded (using JWT as suggested in comments) payload portion of one of the tokens shows the that the aud field is 00000002-0000-0000-c000-000000000000. Which is definitely wrong.










share|improve this question















I keep getting a AuthenticationFailed error with a InvalidAuthenticationTokenAudience inner error when attempting to query the /environments endpoint.



I have already created an app in the Azure Active Directory, given it access in the time series insights management portal and I can already get an Oauth 2.0 Access token from the auth URL.



I have tried giving the token url the 'https://api.timeseries.azure.com/' resource/audience/scope but the API keeps returning the same error message:




{
"error": {
"code": "AuthenticationFailed",
"message": "Server failed to authenticate the request. The token has been obtained from wrong audience or resource.",
"innerError": {
"code": "InvalidAuthenticationTokenAudience",
"message": "The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should
exactly match (including forward slash) with one of the allowed
audiences 'https://api.timeseries.azure.com/'."
}
} }




I'm using Postman with the Oauth 2.0 authentication type, the client credentials Grant Type and send as basic Auth Header option for the token request.



Has anyone tried this with success?



Update 01:
The decoded (using JWT as suggested in comments) payload portion of one of the tokens shows the that the aud field is 00000002-0000-0000-c000-000000000000. Which is definitely wrong.







azure azure-active-directory postman azure-timeseries-insights






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 8 at 12:41

























asked Nov 7 at 19:20









pablete

135311




135311












  • Could you decode your access token in jwt.io and provide the result in your question?
    – Joy Wang
    Nov 8 at 3:03










  • @JoyWang The aud field has the wrong value (see question Update 01), but what else do you want to know from the decoded token?
    – pablete
    Nov 8 at 12:43


















  • Could you decode your access token in jwt.io and provide the result in your question?
    – Joy Wang
    Nov 8 at 3:03










  • @JoyWang The aud field has the wrong value (see question Update 01), but what else do you want to know from the decoded token?
    – pablete
    Nov 8 at 12:43
















Could you decode your access token in jwt.io and provide the result in your question?
– Joy Wang
Nov 8 at 3:03




Could you decode your access token in jwt.io and provide the result in your question?
– Joy Wang
Nov 8 at 3:03












@JoyWang The aud field has the wrong value (see question Update 01), but what else do you want to know from the decoded token?
– pablete
Nov 8 at 12:43




@JoyWang The aud field has the wrong value (see question Update 01), but what else do you want to know from the decoded token?
– pablete
Nov 8 at 12:43












1 Answer
1






active

oldest

votes

















up vote
3
down vote



accepted










Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.



So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.



Get access token



enter image description here



I test Get environments API, it works correctly for me.



GET https://api.timeseries.azure.com/environments?api-version=2016-12-12


enter image description here






share|improve this answer





















  • Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
    – pablete
    Nov 8 at 12:30











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53196356%2fhow-to-authenticate-to-azure-time-series-insights-query-api%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
3
down vote



accepted










Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.



So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.



Get access token



enter image description here



I test Get environments API, it works correctly for me.



GET https://api.timeseries.azure.com/environments?api-version=2016-12-12


enter image description here






share|improve this answer





















  • Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
    – pablete
    Nov 8 at 12:30















up vote
3
down vote



accepted










Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.



So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.



Get access token



enter image description here



I test Get environments API, it works correctly for me.



GET https://api.timeseries.azure.com/environments?api-version=2016-12-12


enter image description here






share|improve this answer





















  • Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
    – pablete
    Nov 8 at 12:30













up vote
3
down vote



accepted







up vote
3
down vote



accepted






Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.



So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.



Get access token



enter image description here



I test Get environments API, it works correctly for me.



GET https://api.timeseries.azure.com/environments?api-version=2016-12-12


enter image description here






share|improve this answer












Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.



So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.



Get access token



enter image description here



I test Get environments API, it works correctly for me.



GET https://api.timeseries.azure.com/environments?api-version=2016-12-12


enter image description here







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 8 at 6:14









Tom Sun

15.9k2921




15.9k2921












  • Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
    – pablete
    Nov 8 at 12:30


















  • Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
    – pablete
    Nov 8 at 12:30
















Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
– pablete
Nov 8 at 12:30




Great it works. I was using postman's infrastructure to handle the token request and the subsequent call to the API. I was providing the resource value into the 'Scope' field of the Oauth 2 get new access token form of postman. I I were to use those, where should I include the resources I'm trying to get a token for?
– pablete
Nov 8 at 12:30


















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53196356%2fhow-to-authenticate-to-azure-time-series-insights-query-api%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







這個網誌中的熱門文章

Xamarin.form Move up view when keyboard appear

Post-Redirect-Get with Spring WebFlux and Thymeleaf

Anylogic : not able to use stopDelay()