I am in the process of creating a small Next.js application with the following structure:
- Authenticate a user via Azure AD using Next-Auth
- Allow the user to initiate a SQL Database Sync by clicking a button within the app with the access token obtained during login
Currently, I can successfully log in users. However, when attempting to trigger a sync, I encounter a 401 error along with the message below:
Bearer authorization_uri="https://login.windows.net/7fa9636e-d679-4ddb-8a64-ea9ca3b3d21b", error="invalid_token", error_description="Could not find identity for access token."
I believe my Azure configuration is correct. The API permissions added to the App Registration in the Azure Portal are as follows:
- Azure SQL Database (user_impersonation)
- Azure Service Management (user_impersonation)
- Microsoft Graph (email, openid, profile, User.Read)
The scope included in the authorization parameters within the Next-Auth options is:
params: {scope: "User.Read User.Read.All offline_access .default",},
You can test this process by logging in at the provided URL (https://learn.microsoft.com/en-us/rest/api/sql/2021-02-01-preview/sync-groups/trigger-sync?tabs=HTTP). While I can log in and submit a request using the bearer token generated on that site, and attempting the same request in Postman works fine with the Azure-portal-generated token, using the bearer token from my web app results in the same 401 error.
What else might I be overlooking?
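A diagnostic that is useful when a resource API returns "Could not find identity for access token": decode the access token locally and compare its aud (audience), tid (tenant) and scp (delegated scopes) claims with what the target API expects. This is an added example, not code from the question or from Next-Auth; the audience string for Azure Service Management and the tenant id from the error message are the only page-derived values, and the two tokens below are constructed, unsigned stand-ins for real Azure AD tokens. Decoding skips signature verification on purpose: it is for inspecting a token you already hold, never for making an authorization decision.

```python
import base64
import json

# Audience that the Azure Resource Manager APIs (where the Sync Groups
# trigger-sync endpoint lives) expect. Assumption: the API being called
# validates this value; some tokens carry the older
# "https://management.core.windows.net/" form instead, so pass the one
# your API documents if it differs.
ARM_AUDIENCE = "https://management.azure.com/"
# Well-known application id of Microsoft Graph, as it appears in aud claims.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
# Tenant id taken from the authorization_uri in the 401 response on this page.
TENANT_ID = "7fa9636e-d679-4ddb-8a64-ea9ca3b3d21b"


def _b64url_decode(segment: str) -> bytes:
    """Base64url decode with the padding JWTs strip off."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWS WITHOUT verifying the signature.

    Diagnostics only: the result tells you what the issuer put in the token,
    not whether the token is genuine or unexpired.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_resource(token: str, expected_audience: str, expected_tenant: str) -> list:
    """List reasons the resource would reject this token; an empty list means the
    audience, tenant and delegated scope all line up."""
    claims = decode_jwt_payload(token)
    problems = []
    aud = claims.get("aud")
    if aud != expected_audience:
        problems.append(f"audience mismatch: token aud={aud!r}, resource expects {expected_audience!r}")
    tid = claims.get("tid")
    if tid != expected_tenant:
        problems.append(f"tenant mismatch: token tid={tid!r}, resource is in {expected_tenant!r}")
    # Delegated permissions are space-separated in the scp claim.
    scopes = claims.get("scp", "").split()
    if "user_impersonation" not in scopes:
        problems.append(f"scope 'user_impersonation' missing; token carries {scopes}")
    return problems


def make_unsigned_demo_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped string for offline demonstration.
    Real Azure AD tokens are RS256-signed; this stand-in has an empty signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample: what a token minted for Microsoft Graph looks like.
GRAPH_TOKEN = make_unsigned_demo_token({
    "aud": GRAPH_APP_ID, "tid": TENANT_ID, "scp": "User.Read email openid profile",
})
# Constructed sample: a token minted for Azure Service Management.
ARM_TOKEN = make_unsigned_demo_token({
    "aud": ARM_AUDIENCE, "tid": TENANT_ID, "scp": "user_impersonation",
})

if __name__ == "__main__":
    for name, tok in (("graph token", GRAPH_TOKEN), ("arm token", ARM_TOKEN)):
        print(name, "->", check_token_for_resource(tok, ARM_AUDIENCE, TENANT_ID) or "accepted")
```

Run it against a real token by replacing the constructed samples with the string your application sends in the Authorization header; a token whose aud is the Graph application id will be refused by Resource Manager endpoints regardless of which API permissions the app registration lists, because the audience is fixed at the moment the token is issued.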