Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using consumer group authentication fails #40182

Open
conniey opened this issue May 15, 2024 · 0 comments
Open

Using consumer group authentication fails #40182

conniey opened this issue May 15, 2024 · 0 comments
Assignees
@conniey
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. Event Hubs

Comments

@conniey
Copy link
Member

conniey commented May 15, 2024

See: Azure/azure-sdk-for-python#35337

When connecting to Eventhub to read data from consumer group authentication fails when using AD/Entra Authentication is used, and RBAC permissions assigned to consumer group per design for Event hub and following least access principle and avoid risk consuming application read from wrong consumer group causing problems for other consumers.
Ref: https://learn.microsoft.com/en-us/azure/event-hubs/authorize-access-azure-active-directory.
Error message: "Unauthorized access. 'Listen' claim(s) are required to perform this operation"

Fix: URI/audience passed in to the put token when authenticating the consumer should include consumer group. i.e. It should look like
"sb://.servicebus.windows.net/eventhubs//consumergroups/"
and not "sb://.servicebus.windows.net/".
@conniey conniey added bug This issue requires a change to an existing behavior in the product in order to be resolved. Event Hubs Client This issue points to a problem in the data-plane of the library. labels May 15, 2024
@conniey conniey self-assigned this May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@conniey conniey

Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. Event Hubs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@conniey