I have to use the weather API from Azure MAPS with Shared access signature token authentication

I have followed the instructions from here:

https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/azure-maps/azure-maps-authentication.md#create-sas-tokens

So the actions I’ve taken so far are the following :

• I have created an Azure MAPs account along with a user-assigned
  managed identity in the same location as the Azure Maps account.
• I have assigned role-based access control for the managed
  identity to an Azure Maps data role at the account scope.
• I have registered an APP and I have given it API permissions for Azure Maps along with the Azure Maps Data Reader role from Azure MAPs IAM

I can manually create the SAS token on the Azure Maps account relevant field and it works fine.

However, I need to create SAS tokens in my back-end solution programmatically.

So I followed the example form here:

https://learn.microsoft.com/en-us/rest/api/maps-management/accounts/list-sas?view=rest-maps-management-2023-06-01&tabs=HTTP

and created the following Python code:

from azure.identity import DefaultAzureCredential
from azure.mgmt.maps import AzureMapsManagementClient
import os
import datetime
"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-maps
# USAGE
    python account_list_sas.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
client_id = "fdxxxxxxxxxxxxxxxx"
client_secret = "Nqxxxxxxxxxxxxxxxxxxx"
tenant_id = "92xxxxxxxxxxxxxxxxxxxxxxx"
subscription_id = "6fxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
principal_id = "22xxxxxxxxxxxxxxxxxxxxxxx"

os.environ['AZURE_TENANT_ID'] = tenant_id
os.environ['AZURE_CLIENT_SECRET'] = client_secret
os.environ["AZURE_SUBSCRIPTION_ID"] = subscription_id
os.environ['AZURE_CLIENT_ID'] = client_id
def format_time(time: datetime.datetime) -> str:
    return time.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z'

def main():
    client = AzureMapsManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id=subscription_id,
    )
    time_now = datetime.datetime.utcnow()
    response = client.accounts.list_sas(
        resource_group_name="my_group_name",
        account_name="my_account_name",
        maps_account_sas_parameters={
            "expiry": format_time(time_now + datetime.timedelta(hours=2)),
            "maxRatePerSecond": 500,
            "principalId": principal_id,
            "regions": ["westeurope"],
            "signingKey": "primaryKey",
            "start": format_time(time_now),
        },
    )
    print(response)


# x-ms-original-file: specification/maps/resource-manager/Microsoft.Maps/stable/2023-06-01/examples/AccountListSAS.json
if __name__ == "__main__":
    main()

However, I always get the error

Message: The client '70exxxxxxxxxxx' with object id '70exxxxxxxx' does not have authorization to perform action 'Microsoft.Maps/accounts/listSas/action' over scope '/subscriptions/6fxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/my_resource_group/providers/Microsoft.Maps/accounts/my_account_name' or the scope is invalid. If access was recently granted, please refresh your credentials.

So the first question is where the code finds the above client 70exxxxxxxxxxx since I have put a different value in the client ID of the registered app.

I’ve checked many times the values for

• client_id
• client_secret
• tenant_id
• subscription_id
• principal_id

and they are the correct ones.

Since I’m quite new to Azure, can anyone help with what I’m doing wrong here?

What is missing from the configuration point of view?

Thank you for your time.