Azure Blob Storage "Authorization Permission Mismatch" error for get request with AD token
I am building an Angular 6 application that will be able to make CRUD operation on Azure Blob Storage. I'm however using postman to test requests before implementing them inside the app and copy-pasting the token that I get from Angular for that resource.
When trying to read a file that I have inside the storage for test purposes, I'm getting: <Code>AuthorizationPermissionMismatch</Code>
<Message>This request is not authorized to perform this operation using this permission.
- All in production environment (although developing)
- Token acquired specifically for storage resource via Oauth
- Postman has the token strategy as "bearer "
- Application has "Azure Storage" delegated permissions granted.
- Both the app and the account I'm acquiring the token are added as "owners" in azure access control IAM
- My IP is added to CORS settings on the blob storage.
- StorageV2 (general purpose v2) - Standard - Hot
- x-ms-version header used is:
2018-03-28because that's the latest I could find and I just created the storage account.
Answer
I found it's not enough for the app and account to be added as owners, I would go into your storage account > IAM > Add role and add the special permission for this type of request, STORAGE BLOB DATA CONTRIBUTOR (PREVIEW)