Hi @Ahmed Bltagy ,
Thanks for reaching out.
I understand that you are trying to get an access token to create different resources in Azure and getting the error that your access token is not authorized to perform the action.
Access tokens enable clients to securely call APIs. (Rest API in this scenarios).
To create resource group:
If you are signing in as yourself (i.e. with a signed-in user), then the scope
value you want to request is https://management.azure.com/user_impersonation
. After signing in (and granting consent, if needed), access to Azure resources will be dependent on the permissions of the signed-in user. When the client requests an access token, the Microsoft identity platform also returns some metadata about the access token for the consumption of the application. This information includes the scopes for which it's valid.
If you are trying to get the access token on behalf of user (by sign-in user using their credentials), then the scope value you want to request is https://management.azure.com/user_impersonation
. You can decode the access token using jwt.ms to check the audience and scopes claims of the token. Access to Azure resources will be dependent on the permissions of the signed-in user. In this scenario you need to provide delegated permissions and require getting the token using Authorization grant flow.
If instead this is server to server call (without user interaction), then you need to assign application permission to the application registered in the portal and can simply use the client credentials flow with "place-holder" scope parameter value https://management.azure.com/.default
(as a way of indicating that you want an access token to https://management.azure.com
). (require creating resource group using REST APIs)
Reference: https://learn.microsoft.com/en-us/rest/api/resources/resource-groups/create-or-update?tabs=HTTP
create new azure app plan:
https://learn.microsoft.com/en-us/rest/api/appservice/app-service-plans/create-or-update?tabs=HTTP
create new azure web app:
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update
create new azure database:
https://learn.microsoft.com/en-us/rest/api/sql/rest-api-sql-create-or-update-database
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.