I have an application which is hosted in Azure. I am able to authenticate the Bearer tokens which are generated by the client IDs (appId) which are under our same tenant.
Now I would like to authenticate some other external tenant's token, which is also hosted in Azure but in a different tenant.
I was trying to add it through a Federated Credential, but I am getting the below error while generating the access code.
Attached is the mapping which I have done in Azure. I am not sure I am going in the right direction.
Error is:
"error_description": "AADSTS700222: AAD-issued tokens may not be used for federated identity flows.\r\nTrace ID: 0154d231-b7d4-436c-9a5d-117d80460d00\r\nCorrelation ID: 0b9bd57f-6e20-4af9-961e-3f402345e707\r\nTimestamp: 2023-08-08 07:28:59Z",
Any help on this is much appreciated.


The error occurred because you are creating a federation between two Azure AD identities from different tenants. I have one access token created from one tenant with the below claims decoded in jwt.ms:
Now, I used the above claim values in creating federated credentials in an application of a different tenant like below:
When I tried to generate an access token with the federated credentials via Postman, I too got the same error:
Response:
Alternatively, I created one access token for an external IdP (auth0) having the below claims:
Now, I created new federated credentials in the application with the above claim values:
When I used the above token as client_assertion, the token was generated successfully with the federated credentials like below:
Reference:
Azure Active Directory Workload Identity Federation with external OIDC IdP
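To make the answer's issuer point concrete, here is an added Python example (not code from the question, the answer, or Microsoft): it decodes a candidate client_assertion the way jwt.ms does, compares its iss/sub/aud with the federated credential's issuer, subject and audience, and flags Azure AD issuers, which the token endpoint rejects with AADSTS700222. The sample tokens, tenant GUID, subject values and auth0 domain are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode
# Issuer prefixes Azure AD uses for tokens it mints itself; a token from either
# is refused as client_assertion for a federated credential (AADSTS700222).
AAD_ISSUER_PREFIXES = ("https://login.microsoftonline.com/", "https://sts.windows.net/")
CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned (alg none) JWT so the demo runs offline; never accept such tokens."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def decode_jwt_claims(token: str) -> dict:
    """Read the payload the way jwt.ms shows it: no signature check, inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def check_federated_assertion(token: str, issuer: str, subject: str, audience: str) -> list:
    """Compare a candidate client_assertion with the federated credential's issuer,
    subject and audience. Returns a list of problems; empty means consistent."""
    claims = decode_jwt_claims(token)
    problems = []
    iss = claims.get("iss", "")
    if iss.startswith(AAD_ISSUER_PREFIXES):
        problems.append("AAD-issued token: rejected for federated identity flows (AADSTS700222)")
    if iss != issuer:
        problems.append(f"iss {iss!r} != federated credential issuer {issuer!r}")
    if claims.get("sub") != subject:
        problems.append(f"sub {claims.get('sub')!r} != federated credential subject {subject!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not include {audience!r}")
    return problems

def build_token_request(client_id: str, scope: str, assertion: str) -> str:
    """Form body of the client_credentials call that carries the external IdP token."""
    return urlencode({"grant_type": "client_credentials", "client_id": client_id, "scope": scope,
                      "client_assertion_type": CLIENT_ASSERTION_TYPE, "client_assertion": assertion})
# Constructed sample tokens: placeholder tenant GUID, subjects and auth0 domain, not real ones.
AUDIENCE = "api://AzureADTokenExchange"
AAD_TOKEN = make_unsigned_jwt({"iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
                               "sub": "11111111-1111-1111-1111-111111111111", "aud": AUDIENCE})
AUTH0_TOKEN = make_unsigned_jwt({"iss": "https://example-tenant.auth0.com/", "sub": "auth0|demo-user", "aud": AUDIENCE})
```

The body from build_token_request is what Postman POSTs to the target tenant's /oauth2/v2.0/token endpoint; this script itself sends nothing.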