Received error - "AADSTS399266: Blob grant token received with wrong issuer type."

Question

I am trying to use the code from this microsoft learn page - https://learn.microsoft.com/en-us/samples/azure-samples/ms-identity-ciam-javascript-tutorial/ms-identity-ciam-javascript-tutorial-0-call-api-vanillajs/ and configure the Ids. When trying to authenticate and access the API, seeing below error with status code 400.

{

"error": "invalid_request",

"error_description": "AADSTS399266: Blob grant token received with wrong issuer type. Trace ID: 2cd9ffce-cb70-454d-be7f-d8f39dfc0401 Correlation ID: e689aacd-7c78-42e6-93d0-12b70b24620c Timestamp: 2024-09-05 15:49:43Z",

"error_codes": [

    399266

],

"timestamp": "2024-09-05 15:49:43Z",

"trace_id": "2cd9ffce-cb70-454d-be7f-d8f39dfc0401",

"correlation_id": "e689aacd-7c78-42e6-93d0-12b70b24620c"

}

Answer 1

Hi @Narisetti, Bernard , aside from making sure that the tenant ID and subscription ID in your configuration are correct, make sure you are logged in with the correct account using the Azure CLI. You can check this with:

   az account show

If the account is incorrect, log in with:

   az login --tenant <tenant-id>

If you are using a service principal for authentication, make sure it has the necessary permissions to access the subscription and tenant.

You could also try using a different authority URL to get the token. You can set the authority with:

az cloud set --name AzureCloud

If the subscription was recently transferred to another tenant, it might take some time for the changes to propagate. Wait for a while and try again later.

Please let me know if this helps.

Best,

James