I am trying to set up a service with azure functions so that other special app registrations can call it and have special access to read anything. I'm just starting, so I thought I would have my service simply authenticate against itself like this:
// ADAL client-credentials flow: the app authenticates with a certificate and
// requests a token for a resource, which here is the app itself.
var myAppId = "8d87ba47-3b51-4e24-a790-a966a0130ceb";
var authenticationContext = new AuthenticationContext(Settings.AadTenant, false);
var clientAssertionCertificate = new ClientAssertionCertificate(myAppId, ApplicationCertificate);
return authenticationContext.AcquireTokenAsync(myAppId, clientAssertionCertificate).Result.AccessToken;
When I run this, I get the following error:
Application '8d87ba47-3b51-4e24-a790-a966a0130ceb' is not assigned to a role for the application '8d87ba47-3b51-4e24-a790-a966a0130ceb'.
I know I've got everything wired up right because the tenant recognizes all of the IDs, so the problem is likely in my App Registration's manifest. But I think I have set up my app's manifest correctly:
"appId": "8d87ba47-3b51-4e24-a790-a966a0130ceb",
"appRoles": [
    {
        "allowedMemberTypes": [ "Application" ],
        "description": "Some services can have global access",
        "displayName": "ProductivityService Auth",
        "id": "8d87ba47-3b51-4e24-a790-a966a0130ceb",
        "isEnabled": true,
        "value": "GlobalReadAccess"
    }
],
I am at a loss as to what to do at this point. I'm not exactly sure what should go in the "value" parameter, but I cannot find any detailed information about the parameters inside "appRoles", and the examples I've found are geared to authorizing users. I've tried "Reader" and "Writer" but got the same result. Ideas?
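Once a calling application does obtain a token, the service still has to enforce the app role on its side. The following is an added example (not code from the question) of that resource-side check in the same .NET stack: it validates the bearer token with System.IdentityModel.Tokens.Jwt and then requires the "GlobalReadAccess" value from the manifest's appRoles to be present in the token's roles claim. The tenant id, app id and the set of issuer signing keys (normally fetched from the tenant's OpenID Connect metadata) are assumed to be supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;

// Resource-side authorization for the GlobalReadAccess app role (added example).
public static class AppRoleAuthorization
{
    // Must match the "value" of the appRoles entry in the manifest.
    private const string GlobalReadRole = "GlobalReadAccess";

    // Returns true only for a validated, app-only token that carries the role.
    // signingKeys: issuer keys from the tenant's OpenID Connect metadata (assumed input).
    public static bool CallerHasGlobalReadAccess(
        string rawJwt, string tenantId, string myAppId, IEnumerable<SecurityKey> signingKeys)
    {
        var parameters = new TokenValidationParameters
        {
            // Tokens from the v1 endpoint (what ADAL requests) use this issuer form.
            ValidIssuer = $"https://sts.windows.net/{tenantId}/",
            // The audience is the resource the token was issued for: this app's id.
            ValidAudience = myAppId,
            IssuerSigningKeys = signingKeys,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2),
        };

        ClaimsPrincipal principal;
        try
        {
            principal = new JwtSecurityTokenHandler()
                .ValidateToken(rawJwt, parameters, out SecurityToken _);
        }
        catch (SecurityTokenException)
        {
            return false; // bad signature, wrong issuer/audience, or expired
        }

        // A delegated (user) token carries "scp"; an app-only token does not.
        bool appOnly = !principal.HasClaim(c =>
            c.Type == "scp" || c.Type == "http://schemas.microsoft.com/identity/claims/scope");

        // App roles granted to the calling service principal arrive in "roles";
        // the handler may map that claim type to ClaimTypes.Role, so accept both.
        bool hasRole = principal.HasClaim(c =>
            (c.Type == "roles" || c.Type == ClaimTypes.Role) && c.Value == GlobalReadRole);

        return appOnly && hasRole;
    }
}
```

Reject the request when this returns false; the roles claim only appears after the calling app's service principal has actually been assigned the role, which is what the error in the question is reporting has not happened yet.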