Cloud Shell: pac auth create with Managed Identity
rajyraman opened this issue · comments
I ran pac from Azure Cloud Shell and got the following error when I tried to create a new auth profile with managed identity flag.
{
"error": {
"code": "AudienceNotSupported",
"message": "Audience https://service.powerapps.com/ is not a supported MSI token audience. Supported audiences: https://management.core.windows.net/,https://management.azure.com/,https://graph.windows.net/,https://vault.azure.net,cfa8b339-82a2-471a-a3c9-0fc0be7a4093,https://datalake.azure.net/,https://outlook.office365.com/,https://graph.microsoft.com/,00000003-0000-0000-c000-000000000000,https://batch.core.windows.net/,https://analysis.windows.net/powerbi/api,https://storage.azure.com/,https://rest.media.azure.net,https://api.loganalytics.io,https://ossrdbms-aad.database.windows.net,https://www.yammer.com,https://digitaltwins.azure.net,0b07f429-9f4b-4714-9392-cc5e8e80c8b0,822c8694-ad95-4735-9c55-256f7db2f9b4,https://dev.azuresynapse.net,https://database.windows.net,https://quantum.microsoft.com,https://iothubs.azure.net,2ff814a6-3304-4ab8-85cb-cd0e6f879c1d,https://azuredatabricks.net/,ce34e7e5-485f-4d76-964f-b3d2b16d1e4f,https://azure-devices-provisioning.net,https://managedhsm.azure.net,499b84ac-1321-427f-aa17-267ca6975798,https://api.adu.microsoft.com/,https://purview.azure.net/,6dae42f8-4368-4678-94ff-3960e28e3630,https://cognitiveservices.azure.com,48ac35b8-9aa8-4d74-927d-1f4a14a0b239,46da2f7e-b5ef-422a-88d4-2a7f9de6a0b2,https://pki.azure.net"
}
}
It looks like Azure Cloud Shell specifically limits which audiences their managed identity can use, all of which are returned within that error message.
You may have luck with opening an issue in their Azure/CloudShell repo as some previous users have (e.g., Azure/CloudShell#109), but there's nothing we can help with on our side.