Does the provided "access_cosmos_with_aad.py" sample work for Cosmosdb for MongoDB API?

Jeffrey Mak 0 Reputation points
2025-01-15T20:00:08.99+00:00

Does the CosmosClient class allow authentication to Cosmosdb for MongoDB API?
I tried using it but it came back with the error:

https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/cosmos/azure-cosmos/samples/access_cosmos_with_aad.py

Authentication failed: AADSTS500011: The resource principal named https://https://xxxxxx.mongo.cosmos.azure.com.mongo.cosmos.azure.com was not found in the tenant named myTenant. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 41ab28c7-c329-4918-b657-9c47ea9c9d00 Correlation ID: ee6af0e9-2f67-42a9-aa7e-1b1aa96cee82 Timestamp: 2025-01-15 19:42:24Z


4 answers

  1. Purushottam Kumar 0 Reputation points
    2025-01-15T20:27:29.4233333+00:00

    Troubleshooting CosmosClient Authentication for MongoDB API

    1. Check Resource URL: Ensure the URL is correctly formatted:
         https://<your-account-name>.mongo.cosmos.azure.com

       Verify App Registration:
       - Go to Azure Active Directory > App registrations.
       - Confirm your application is registered in the correct tenant.

       Grant Permissions:
       - Under your app, check "API permissions" and ensure necessary permissions for Cosmos DB are granted.
       - Have an admin consent to the permissions if needed.

       Correct Tenant ID: Ensure your authentication request uses the correct tenant ID.

    2. Example Code:
         from azure.identity import DefaultAzureCredential
         from azure.cosmos import CosmosClient
         account_url = "https://<your-account-name>.mongo.cosmos.azure.com"
         credential = DefaultAzureCredential()
         client = CosmosClient(account_url, credential=credential)
         database_name = "<your-database-name>"
         database = client.get_database_client(database_name)


    By following these steps, you should resolve the authentication issues. If problems persist, consult Azure documentation or support.


  2. Goutam Pratti 1,475 Reputation points Microsoft Vendor
    2025-01-17T21:35:01.01+00:00

    Hello @Jeffrey Mak ,

    Thank you for reaching out to Microsoft Q&A.

    I understand you are getting error AADSTS500011. You get this error message when the requested resource (resembled by a service principal) does not exist in the tenant.

    Solution:

    Step 1:
    Verify if the service principal exists. First look for the application based on {client-id}. You can do this by looking in the Enterprise Apps. Ensure Application Type is set to All and click Apply. Search for the app.

    Step 2:
    Go to Permissions, and click Grant admin consent. Try accessing your application again. If it continues to fail with the same error message, then go to the next step.

    Step 3:
    Build a consent URL for the {resource-id}. Do this step only if the step above did not resolve the issue. Your consent URL will look something like this -

    https://login.microsoftonline.com/{your-tenant-id}/oauth2/v2.0/authorize?response_type=code&client_id={resource-id}&prompt=admin_consent&scope=openid

    Ensure you provide the correct {your-tenant-id} and {resource-id}.

    For additional information and inputs, follow: https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/how-to-setup-rbac?source=recommendations

    https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/how-to-python-get-started?source=recommendations&tabs=venv-windows%2Cazure-cli%2Cwindows


    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    Regards,
    Goutam Pratti.


  3. Bruce (SqlWork.com) 70,056 Reputation points
    2025-01-17T21:51:20.81+00:00

    No. The sample is only for a Cosmos DB configured for the Cosmos DB API. It will not work with Cosmos DB configured with the Mongo API. Try this instead:

    https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/quickstart-python?tabs=windows-package%2Cazure-cli&pivots=devcontainer-codespace


  4. Sajeetharan 2,261 Reputation points Microsoft Employee
    2025-01-19T16:36:03.08+00:00

    Cosmos DB for Mongo API does not support Service Principal or Managed Identity yet. The sample you have mentioned is just for NOSQL API.

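A diagnostic for the AADSTS500011 text quoted in the question, as an added example that is not part of the thread or of the Azure SDK: it extracts the resource principal the token request named and flags a duplicated scheme, a duplicated host suffix, and a MongoDB API endpoint, which the last two answers say the sample does not support. The function names and the `.documents.azure.com` suffix for NoSQL API accounts are assumptions; the sample message is constructed from the quoted error.

```python
import re

# Constructed sample: the error text from the question, trace IDs omitted.
SAMPLE_ERROR = (
    "Authentication failed: AADSTS500011: The resource principal named "
    "https://https://xxxxxx.mongo.cosmos.azure.com.mongo.cosmos.azure.com "
    "was not found in the tenant named myTenant."
)

MONGO_SUFFIX = ".mongo.cosmos.azure.com"  # host suffix shown on this page
NOSQL_SUFFIX = ".documents.azure.com"     # assumption: NoSQL API account suffix

_ERROR_RE = re.compile(
    r"AADSTS500011: The resource principal named (\S+) "
    r"was not found in the tenant named (\S+?)\.?(?:\s|$)"
)
_SCHEME_RE = re.compile(r"https?://", re.IGNORECASE)


def parse_aadsts500011(message):
    """Return (resource, tenant) from an AADSTS500011 message, or None."""
    m = _ERROR_RE.search(message)
    return (m.group(1), m.group(2)) if m else None


def diagnose_resource(resource):
    """List what is visibly wrong with the resource URI the request named."""
    findings = []
    rest, schemes = resource, 0
    while (m := _SCHEME_RE.match(rest)):
        rest, schemes = rest[m.end():], schemes + 1
    if schemes > 1:
        findings.append("duplicated-scheme")
    # Keep only the host: drop any path and port.
    host = rest.split("/", 1)[0].split(":", 1)[0].lower()
    if host.count(MONGO_SUFFIX) > 1 or host.count(NOSQL_SUFFIX) > 1:
        findings.append("duplicated-suffix")
    if host.endswith(MONGO_SUFFIX):
        findings.append("mongo-api-endpoint")
    elif not host.endswith(NOSQL_SUFFIX):
        findings.append("unrecognised-endpoint")
    return findings


if __name__ == "__main__":
    resource, tenant = parse_aadsts500011(SAMPLE_ERROR)
    print(tenant, resource, diagnose_resource(resource))
```
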
