Azure Functions
An Azure service that provides an event-driven serverless compute platform.
Getting wrong assertion issuer - sts.windows.net instead of login.microsoftonline.com
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 4%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Devansh Agarwal
25
Reputation points
We had generated a token for a managed identity using the following code in Azure Function App -
const { ManagedIdentityCredential } = require('@azure/identity');
module.exports = async function (context, req) {
context.log('JavaScript HTTP trigger function processed a request.');
const clientId = req.query.clientId;
const resource = req.query.resource;
if (!clientId || !resource) {
context.res = {
status: 400,
body: "Please pass clientId and resource on the query string"
};
return;
}
try {
const credential = new ManagedIdentityCredential(clientId);
const tokenResponse = await credential.getToken(resource);
context.res = {
status: 200,
body: tokenResponse.token
};
} catch (error) {
context.res = {
status: 500,
body: `Error acquiring token: ${error.message}`
};
}
};
This managed identity is added as a federated credential in the App Registration. We use the token generated by the above code to make a call to the endpoint of the app registration ([https://login.microsoftonline.com/
Azure Functions
Microsoft Security | Microsoft Entra | Other
Microsoft Security | Microsoft Entra | Other
Additional Microsoft Entra services and features related to identity, access, and network security
Sign in to answer