This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 65%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHC%3C/text%3E%3C/svg%3E)
I'm trying to use an Azure AD App Registration to authenticate with Azure Maps using an auth token. The application has the Azure Maps Data Contributor role on the Azure Maps Account resource. I'm able to get a Bearer token from that app but when I try to use the token in a REST request I get 401 Unauthorized.
https://atlas.microsoft.com/search/address/search/json?api-version-1.0&query=400 Bread St, Seattle, WA 98109
Headers:
x-ms-client-id: <maps account client id>
Authorization: Bearer <AAD App Token>
Is it possible to authenticate using a App Registrations?
There are also two helpful blogs at https://techcommunity.microsoft.com/t5/azure-maps-blog/bg-p/AzureMapsBlog
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 38%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQ%3C/text%3E%3C/svg%3E)
Hello Harry Cantor
Just checking in to see if the answer helped. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Turns out the issue was my scope for the Token request. It needed to be https://atlas.microsoft.com/.default
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 74%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Harry Cantor Welcome to Microsoft Q&A forum!
Is it possible to authenticate using a App Registrations?
Yes, it is possible to authenticate using an Azure AD App Registration.
I'm trying to use an Azure AD App Registration to authenticate with Azure Maps using an auth token. The application has the Azure Maps Data Contributor role on the Azure Maps Account resource
Are you following any documentation for the steps to configure Azure AD authentication to your app?
Please check Authentication with Azure Maps to know more about different ways to authenticate requests incase if you haven't checked earlier.
I'm able to get a Bearer token from that app but when I try to use the token in a REST request I get 401 Unauthorized.
The error message you are getting suggests that the token you are using might not have the necessary permissions to access the Azure Maps API.
Can you confirm if you have obtained an access token for the Azure Maps API by sending a POST request to the Azure AD token endpoint with the required parameters, including the App Registration's client ID and secret?
I understand that you have provided, Azure Maps Data Contributor role on the Azure Maps Account. Azure Maps services may require elevated privileges to perform some actions on Azure Maps REST APIs.
The following role definition types exist to support application scenarios.
I would suggest you to check Secure a web application with user sign-in you need to configure the web application to call Azure Maps REST APIs by configuring the app registration with an application secret. The app registration certificate or secret should be stored in a secure store for the web application to retrieve to authenticate to Azure AD.
If you need further help in this matter, please comment in the below section and we are happy to discuss!
If this answers your query, do click Accept Answer and Yes for this answer as helpful. And, if you have any further query do let us know by commenting in the below section.
Hi Ashok
Thanks for replying. I am following the documentation to configure Azure AD authentication. I have looked at Secure a web application with user sign-in and added the Azure Maps user_impersonation permission to the App Registration but still having the same error. I already have it configured with a a client secret.
This is my request to get the access token, which does return a bearer token but the token doesn't work when authenticating with Azure Maps.
$params = @{ scope = "https://management.azure.com/.default"; grant_type = 'client_credentials'; client_id = '<app registration id>'; client_secret = '<app registration secret>'; }
Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/<Tenant ID>/oauth2/v2.0/token" -Body $params