MSAL cannot get token with DataExplorer permission

Question

I were going thru MSAL with React and followed this page: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-react

Although it works fine with graphapi and asking /me, I decided to try other API permissions. So I created permission for Storage Account, used scope provided. It works. But then, I created API permission to Data Explorer, used again scope provided but that token I cannot retrieve.

I request only scope needed for API permission, not combined with anything else. In all, Graph, Storage and DataExplorer, requesting code is same as in that tutorial document.

When requesting DataExplorer token I get error:

AADSTS500011: The resource principal named  was not found in the tenant named xxxx. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.  

Why DataExplorer token request does not succeed?

Answer 1

Hi @jop ,

Thanks for reaching out.

I understand you are trying to get access token for Azure Data Explorer in the same way you are getting access token for other resources, but unable to get the access token for Data Explorer.

There are couple of reasons for this particular error. In this case, it seems service principal has not been granted to Azure Data Explorer database.

Once application has been registered and granted delegated permission, you need to grant the corresponding service principal access to your Azure Data Explorer database using Azure Data Explorer.

Reference: https://learn.microsoft.com/en-us/azure/data-explorer/provision-azure-ad-app

Hope this will help.

Thanks,

---------------------------

Please remember to "Accept Answer" if answer helped you.