I have an Azure App Registration with an active secret.
I'm trying to obtain a token using v1.0 like below (clientId is the ID of the above App Registration):
$body = @{
    grant_type    = 'client_credentials';
    client_id     = $clientId;
    client_secret = $clientSecret;
    resource      = $resourceId;
}
$aadResponse = Invoke-WebRequest -Uri "https://login.microsoftonline.com/$aadtenantId/oauth2/token" -Method POST -Body $body -UseBasicParsing
After regenerating the credential using az ad app credential reset --id XXX, everything works as expected - the token is obtained properly.
However, in Azure DevOps I get the following error while getting values from KV.
Then I go to the Azure DevOps Service Connection and, with Edit, Verify and Save, I'm able to connect to KV without any further changes.
However, this action breaks the initially working token retrieval (as described above).
I'm 100% sure:
- The password is correct
- I'm really using the password, not its id
- Encoding the password doesn't help
- There is no other action except Verify on the service connection - I'm using "Failed to obtain the JWT by using the service principal client ID" as a reference for Service Connections
What am I doing wrong?
I can also reproduce your issue on my side.
After regenerating the client secret with az ad app credential reset --id XXX, I suppose you should get the error as below when you click Verify in your service connection "Azure Resource Manager using service principal (automatic)".
As shown on the service connection page, you created it the automatic way; if you regenerate the client secret, you need to create a new service connection the manual way to solve the issue.
You can obtain the values on the Key Vault page and your AAD App page. For the Service principal key, it is the client secret you regenerated; you cannot get it again if you didn't save it, and in that case you need to regenerate a new one. After fixing the values, verify and save.
Then use the new service connection in the AzureKeyVault@2 task; it works fine.
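The following is an added example, not code from the question or the answer. It performs the same client_credentials request against the v1.0 endpoint that the question shows, but it surfaces Azure AD's error body when the request is rejected, decodes the returned JWT to confirm it was issued to the expected app and audience, and then calls the Key Vault REST API directly, which is the access the service connection ends up exercising in the AzureKeyVault task. The tenant, client id, secret value and vault name are placeholders to fill in; Get-ClientCredentialsToken and ConvertFrom-JwtPayload are helper names chosen here, and the service principal is assumed to have permission to list secrets in the vault.

```powershell
# Added example (not from the question or answer). Placeholders below must be replaced.
$aadTenantId  = '<tenant-id>'
$clientId     = '<app-registration-client-id>'
$clientSecret = '<client-secret-value>'      # the secret VALUE, not the secret's id
$vaultName    = '<key-vault-name>'
$resourceId   = 'https://vault.azure.net'    # v1.0 resource identifier for the Key Vault data plane

function Get-ClientCredentialsToken {
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $ClientSecret,
        [Parameter(Mandatory)] [string] $Resource
    )
    # Same body as the question; Invoke-RestMethod form-encodes the hashtable and parses the JSON reply
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = $Resource
    }
    try {
        $resp = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" -Body $body
        return $resp.access_token
    }
    catch {
        # On a 4xx Azure AD returns JSON with error / error_description; show it instead of a bare HTTP status
        $raw = $_.ErrorDetails.Message
        if ($raw) {
            $err = $raw | ConvertFrom-Json
            throw "Token request failed: $($err.error) - $($err.error_description)"
        }
        throw
    }
}

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)] [string] $Token)
    # The payload is the second dot-separated segment, base64url without padding
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) {
        2 { $payload += '==' }
        3 { $payload += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

$token  = Get-ClientCredentialsToken -TenantId $aadTenantId -ClientId $clientId -ClientSecret $clientSecret -Resource $resourceId
$claims = ConvertFrom-JwtPayload -Token $token

# The token must belong to the app registration you think you are using and target the resource you asked for
if ($claims.appid -ne $clientId) {
    throw "Token appid '$($claims.appid)' does not match client id '$clientId'"
}
if ($claims.aud -ne $resourceId) {
    Write-Warning "Token audience '$($claims.aud)' differs from requested resource '$resourceId'"
}
$expires = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp).UtcDateTime
Write-Host "Token OK: appid=$($claims.appid) tid=$($claims.tid) aud=$($claims.aud) expires=$expires UTC"

# Exercise the vault with the token directly: list secret identifiers via the Key Vault REST API.
# If this succeeds, the secret and the vault access policy/RBAC are fine and the problem is in the service connection.
$headers = @{ Authorization = "Bearer $token" }
$secrets = Invoke-RestMethod -Method Get -Uri "https://$vaultName.vault.azure.net/secrets?api-version=7.4" -Headers $headers
$secrets.value | ForEach-Object { $_.id }
```

Running this right after az ad app credential reset, and again after pressing Verify and Save on the automatic service connection, separates the two failure modes in the question: if the token request itself is refused, the error_description tells you the secret presented is no longer the one Azure AD holds for that app; if the token is issued but the vault call fails, the credential is fine and the vault permissions or the connection configuration are what to look at.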