Can't get access token for custom AD Application
Running az account get-access-token --resource '<APP ID Uri>' from the local CLI, you are trying to get a token from '<APP ID Uri>' using Azure CLI, whose client ID is exactly 04b07795-8ddb-461a-bbee-02f9e1bf7b46.
To handle this you could go to: Azure Active Directory → App registrations → {your app} → Expose an API → Add client application with:
ID: 04b07795-8ddb-461a-bbee-02f9e1bf7b46
Authorized scopes: check '<APP ID Uri>'
To make sure you have the right ID you could run az account get-access-token, paste the token to jwt.io and find the value of "appid".
I can reproduce your issue with --resource '<APP ID Uri>' if I log in to the CLI with a user account.
If I log in with a service principal, it works fine.
You could try to log in to Azure CLI with a service principal; refer to this link.
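The "appid" check described above can also be done locally, so the access token never leaves the machine. The following is an added example, not code from the answers on this page; the sample tokens, the `api://constructed-app` audience and the service principal ID are constructed, and the fallback to the v2.0 `azp` claim goes beyond what the page mentions.

```python
import base64
import json
import sys

# Azure CLI's client ID, as quoted on this page.
AZURE_CLI_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def describe_client(token: str) -> dict:
    """Report which client application the token was issued to."""
    claims = jwt_claims(token)
    # v1.0 tokens name the client in "appid"; v2.0 tokens use "azp" instead.
    client = claims.get("appid") or claims.get("azp")
    return {
        "client_id": client,
        "audience": claims.get("aud"),
        # True for a user login through Azure CLI, False for a service principal
        "is_azure_cli": client == AZURE_CLI_CLIENT_ID,
    }


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, not a real token)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none", "typ": "JWT"}), seg(claims), "sig"])


if __name__ == "__main__":
    # Usage: az account get-access-token --query accessToken -o tsv | python this_file.py
    token = sys.stdin.read() if not sys.stdin.isatty() else constructed_token(
        {"aud": "api://constructed-app", "appid": AZURE_CLI_CLIENT_ID})
    print(json.dumps(describe_client(token), indent=2))
```

If `is_azure_cli` is true, the token was requested by the Azure CLI client, which is the ID to add under "Add client application"; a token obtained after a service principal login shows that principal's own application ID instead.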