"Unauthorized" when invoking an API App from Azure Scheduler with Azure AD OAuth authentication

Question

I have an API App which I have secured with Azure Active Directory authentication. Actions of this API App I want to invoke with Azure Scheduler. I entered tenant id, client id & secret into the Scheduler action.

When I schedule or run the job I get:

Http Action - Response from host 'xxxx.azurewebsites.net': 'Unauthorized'

Diagnostic application log gives me:

JWT validation failed: IDX10214: Audience validation failed. Audiences:
'https://management.core.windows.net/'. Did not match:
validationParameters.ValidAudience: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' or    
validationParameters.ValidAudiences: 'https://xxxx.azurewebsites.net'.

score 5 · Accepted Answer · edited May 23 '17 at 12:02

5

After some digging I found this somehow related entry.

So I really got into the Resource Explorer, down to the authsettings node of my API App and added the missing audience entry:

"allowedAudiences": [
  "https://xxxx.azurewebsites.net",
  "https://management.core.windows.net/"
],

Problem solved.

edited May 23 '17 at 12:02

Community

1
1

answered Apr 27 '16 at 20:07

Kai Walter

3,485
2
32
62

This worked for me. Specifically, adding the entry "https://management.core.windows.net/" got the scheduler to successfully authenticate. – Chris Matthews Nov 15 '16 at 18:21

"Unauthorized" when invoking an API App from Azure Scheduler with Azure AD OAuth authentication

1 Answers1

Linked