azure-sdk-for-java icon indicating copy to clipboard operation
azure-sdk-for-java copied to clipboard
verified publisher icon Azure

Using consumer group authentication fails

Open conniey opened this issue 1 year ago • 0 comments

See: https://github.com/Azure/azure-sdk-for-python/issues/35337

When connecting to Eventhub to read data from consumer group authentication fails when using AD/Entra Authentication is used, and RBAC permissions assigned to consumer group per design for Event hub and following least access principle and avoid risk consuming application read from wrong consumer group causing problems for other consumers. Ref: https://learn.microsoft.com/en-us/azure/event-hubs/authorize-access-azure-active-directory. Error message: "Unauthorized access. 'Listen' claim(s) are required to perform this operation"

Fix: URI/audience passed in to the put token when authenticating the consumer should include consumer group. i.e. It should look like "sb://.servicebus.windows.net/eventhubs//consumergroups/" and not "sb://.servicebus.windows.net/".

conniey avatar May 15 '24 17:05 conniey