I'm attempting to use DeviceUpdateClient (Azure.IoT.DeviceUpdate) to query Device Update for IoT Hub.
I'm using the basic hello world example and ClientSecretCredential to get a token for authentication.
I have registered a client application in Azure AD and then granted that account Contributor access to Device Update for IoT Hub and the IoT hub itself.
The token authentication from Azure is working correctly.
When I follow the example and query the providers, I encounter a 403 error. Code and details are below.
Code
Uri endpoint = new Uri("https://xxx-xxx-xxx-xx.api.adu.microsoft.com");
string instanceId = "xxx-xxx-Devicexxx-POC";
TokenCredential credentials = new ClientSecretCredential("xxx-xxx-xxx-xx-xxx", "xxx-xx-xx-xx-xx", "xx~xx.xx.xx-xx");
DeviceUpdateClient client = new DeviceUpdateClient(endpoint, instanceId, credentials);
Pageable<BinaryData> providers = client.GetProviders();
foreach (var provider in providers)
{
JsonDocument doc = JsonDocument.Parse(provider.ToMemory());
Console.WriteLine(doc.RootElement.GetString());
}
Console.Read();
Error
Service request failed.
Status: 403 (Forbidden)
Headers:
api-supported-versions: REDACTED
traceparent: xxx
Content-Length: 0
Date: Wed, 02 Aug 2023 10:28:58 GMT
This exception was originally thrown at this call stack:
Azure.Core.HttpPipelineExtensions.ProcessMessage(Azure.Core.Pipeline.HttpPipeline, Azure.Core.HttpMessage, Azure.RequestContext, System.Threading.CancellationToken)
Azure.IoT.DeviceUpdate.DeviceUpdateClient.GetProvidersImplementation.__CreateEnumerable|0(string, int?)
Azure.Core.PageableHelpers.EnumerableWithScope<T>.Enumerator.MoveNext()
What am I doing wrong?
For anyone else who comes across this
The role associated with the app registration needs to be Device Update Administrator