To Reproduce
curl 'http://localhost:50342/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fazconfig.io%2F' -H Metadata:true
Observed Behavior
{"error":{"code":"AudienceNotSupported","message":"Audience https://azconfig.io/ is not a supported MSI token audience."}}
Expected behavior
An access token is returned.
Is this specific to Cloud Shell?
This is Cloud Shell-specific and looks like limitation #1 stated in https://edyoung.github.io/blog/cloud_shell_auth/, which suggests filing an issue against this repository can get this scope allowlisted.
Interface information
Edge (Stable Channel) on Windows 11
Additional context
https://azconfig.io (and i believe also https://your-config-store-name.azconfig.io) are audiences used by Azure App Configuration: https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-azure-ad#audience. As it stands now, this issue blocks using the App Configuration REST API or Client SDKs from cloud shell.
To Reproduce
Observed Behavior
Expected behavior
An access token is returned.
Is this specific to Cloud Shell?
This is Cloud Shell-specific and looks like limitation #1 stated in https://edyoung.github.io/blog/cloud_shell_auth/, which suggests filing an issue against this repository can get this scope allowlisted.
Interface information
Edge (Stable Channel) on Windows 11
Additional context
https://azconfig.io (and i believe also https://your-config-store-name.azconfig.io) are audiences used by Azure App Configuration: https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-azure-ad#audience. As it stands now, this issue blocks using the App Configuration REST API or Client SDKs from cloud shell.