
Error creating ACR Service connection with Service Principal Bearer token

Open XtratusCloud opened this issue 2 years ago • 2 comments

Executing the following request to the Azure DevOps REST API for the creation of a Service Connection of type ACR, the endpoint fails with the error "A valid refresh token for identity 1fd109e5-3592-7532-7532-9201-1b545d36bdb2 was not found."

POST: https://dev.azure.com/{{organization}}/{{projectName}}/_apis/serviceendpoint/endpoints/?api-version=7.1-preview.4

Headers:

  • Authentication: Bearer {{ServicePrincipalAccessToken}}

Request Body:

    {
      "data": {
        "registryId": "/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroup}}/providers/Microsoft.ContainerRegistry/registries/{{acrName}}",
        "registrytype": "ACR",
        "subscriptionId": "{{subscriptionId}}",
        "subscriptionName": "{{subscriptionName}}"
      },
      "name": "{{acrName}}",
      "type": "dockerregistry",
      "url": "https://{{acrName}}.azurecr.io",
      "description": "ACR Service Connection for {{acrName}}.",
      "authorization": {
        "parameters": {
          "loginServer": "acrwecterratest01.azurecr.io",
          "scope": "/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroup}}/providers/Microsoft.ContainerRegistry/registries/{{acrName}}",
          "role": "8311e382-0749-4cb8-b61a-304f252e45ec",
          "authenticationType": "spnKey",
          "tenantId": "{{tenantId}}"
        },
        "scheme": "ServicePrincipal"
      },
      "isShared": false,
      "owner": "library",
      "serviceEndpointProjectReferences": [
        {
          "projectReference": {
            "id": "{{projectId}}",
            "name": "{{projectName}}"
          },
          "name": "{{acrName}}",
          "description": "ACR Service Connection for {{acrName}}."
        }
      ]
    }

Making the request with an Access Token from an Azure AD user, the request works correctly. In both cases, the credentials used have the following permissions (at least):

  • Application Administrator role in Azure AD.
  • Member of Endpoint Creator group in DevOps Project
  • User Access Administrator role in Azure subscription.

Aug 29 '23 06:08 XtratusCloud

Hi @XtratusCloud, will you please let us know which lab from the Azuredevopslabs page you are pointing to? This will help us to provide you inputs on the concern.

Oct 30 '23 12:10 surajshenoy

Hi @surajshenoy, the request and the issue reported are related to the DevOps REST API, and not related to Azuredevopslabs. Probably I have opened the incident in the wrong place.

Oct 30 '23 13:10 XtratusCloud