Open felipementel opened 1 month ago
Thank you for opening this issue! Please be patient while we will look into it and get back to you as this is an open source project. In the meantime make sure you take a look at the [closed issues](https://github.com/Azure/apiops/issues?q=is%3Aissue+is%3Aclosed) in case your question has already been answered. Don't forget to provide any additional information if needed (e.g. scrubbed logs, detailed feature requests,etc.).
Whenever it's feasible, please don't hesitate to send a Pull Request (PR) our way. We'd greatly appreciate it, and we'll gladly assess and incorporate your changes.
This tells me that you have an expired token. I don't think it's an issue with apiops. How many apis do you have just out of curiosity? Because we have users who use apiops with 1000s of apis in their environment.
This tells me that you have an expired token. I don't think it's an issue with apiops. How many apis do you have just out of curiosity? Because we have users who use apiops with 1000s of apis in their environment.
We have 456 API´s
@waelkdouh
The extract process is during more than one hour, and the token is valid just during one hour. How can we expand the token lifetime ?
To expand an Azure AD token expiration, especially for use within an Azure DevOps pipeline, you will need to adjust the lifetime of the access tokens. However, it’s important to note that Azure AD access tokens have a default expiration of 1 hour and this cannot be extended for access tokens themselves. However, you can control the refresh token lifetime or use a long-lived token mechanism like Managed Identities or Service Principals that continuously obtain fresh tokens.
Configure Token Lifetime Policy: While Azure AD no longer supports setting custom access token lifetimes (since 2021), you can configure refresh token lifetimes using Token Lifetime Policies for specific applications.
Here's how to set it:
Example using PowerShell:
Connect-AzureAD
$policy = New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxAgeSingleFactor":"24:00:00"}}') -DisplayName "24HourPolicy" -IsOrganizationDefault $false
Add-AzureADApplicationPolicy -Id <AppId> -RefObjectId $policy.Id
Managed Identity or Service Principal Authentication: Instead of extending token lifetimes directly, consider using a Managed Identity or Service Principal in your Azure DevOps pipeline. Managed Identities allow the pipeline to obtain a fresh token whenever needed, automatically handling token refresh behind the scenes.
To set up Managed Identity in an Azure DevOps pipeline:
AzureCLI@2
or AzurePowerShell@5
tasks to authenticate using the Managed Identity in your pipeline.Example pipeline task with Managed Identity:
- task: AzureCLI@2
inputs:
azureSubscription: '<your-managed-identity-subscription>'
scriptType: 'ps
Also please remember to close the issue if the suggested solution above resolves the error for you.
@waelkdouh
I didn't find the commands New-AzureADPolicy and Add-AzureADApplicationPolicy at Powershell
Here is the list of the commands
Get-Command -Module AzureAD
CommandType Name Version Source
----------- ---- ------- ------
Alias Get-AzureADApplicationProxyConnectorGroupMembers 2.0.2.182 AzureAD
Cmdlet Add-AzureADApplicationOwner 2.0.2.182 AzureAD
Cmdlet Add-AzureADDeviceRegisteredOwner 2.0.2.182 AzureAD
Cmdlet Add-AzureADDeviceRegisteredUser 2.0.2.182 AzureAD
Cmdlet Add-AzureADDirectoryRoleMember 2.0.2.182 AzureAD
Cmdlet Add-AzureADGroupMember 2.0.2.182 AzureAD
Cmdlet Add-AzureADGroupOwner 2.0.2.182 AzureAD
Cmdlet Add-AzureADMSAdministrativeUnitMember 2.0.2.182 AzureAD
Cmdlet Add-AzureADMSApplicationOwner 2.0.2.182 AzureAD
Cmdlet Add-AzureADMSLifecyclePolicyGroup 2.0.2.182 AzureAD
Cmdlet Add-AzureADMSScopedRoleMembership 2.0.2.182 AzureAD
Cmdlet Add-AzureADMSServicePrincipalDelegatedPermissio... 2.0.2.182 AzureAD
Cmdlet Add-AzureADServicePrincipalOwner 2.0.2.182 AzureAD
Cmdlet Confirm-AzureADDomain 2.0.2.182 AzureAD
Cmdlet Connect-AzureAD 2.0.2.182 AzureAD
Cmdlet Disconnect-AzureAD 2.0.2.182 AzureAD
Cmdlet Enable-AzureADDirectoryRole 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplication 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationExtensionProperty 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationKeyCredential 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationLogo 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationOwner 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationPasswordCredential 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationProxyApplication 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationProxyApplicationConnector... 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationProxyConnector 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationProxyConnectorGroup 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationProxyConnectorGroupMember 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationProxyConnectorMemberOf 2.0.2.182 AzureAD
Cmdlet Get-AzureADApplicationServiceEndpoint 2.0.2.182 AzureAD
Cmdlet Get-AzureADContact 2.0.2.182 AzureAD
Cmdlet Get-AzureADContactDirectReport 2.0.2.182 AzureAD
Cmdlet Get-AzureADContactManager 2.0.2.182 AzureAD
Cmdlet Get-AzureADContactMembership 2.0.2.182 AzureAD
Cmdlet Get-AzureADContactThumbnailPhoto 2.0.2.182 AzureAD
Cmdlet Get-AzureADContract 2.0.2.182 AzureAD
Cmdlet Get-AzureADCurrentSessionInfo 2.0.2.182 AzureAD
Cmdlet Get-AzureADDeletedApplication 2.0.2.182 AzureAD
Cmdlet Get-AzureADDevice 2.0.2.182 AzureAD
Cmdlet Get-AzureADDeviceConfiguration 2.0.2.182 AzureAD
Cmdlet Get-AzureADDeviceRegisteredOwner 2.0.2.182 AzureAD
Cmdlet Get-AzureADDeviceRegisteredUser 2.0.2.182 AzureAD
Cmdlet Get-AzureADDirectoryRole 2.0.2.182 AzureAD
Cmdlet Get-AzureADDirectoryRoleMember 2.0.2.182 AzureAD
Cmdlet Get-AzureADDirectoryRoleTemplate 2.0.2.182 AzureAD
Cmdlet Get-AzureADDomain 2.0.2.182 AzureAD
Cmdlet Get-AzureADDomainNameReference 2.0.2.182 AzureAD
Cmdlet Get-AzureADDomainServiceConfigurationRecord 2.0.2.182 AzureAD
Cmdlet Get-AzureADDomainVerificationDnsRecord 2.0.2.182 AzureAD
Cmdlet Get-AzureADExtensionProperty 2.0.2.182 AzureAD
Cmdlet Get-AzureADGroup 2.0.2.182 AzureAD
Cmdlet Get-AzureADGroupAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Get-AzureADGroupMember 2.0.2.182 AzureAD
Cmdlet Get-AzureADGroupOwner 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSAdministrativeUnit 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSAdministrativeUnitMember 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSApplication 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSApplicationExtensionProperty 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSApplicationOwner 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSAuthorizationPolicy 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSConditionalAccessPolicy 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSDeletedDirectoryObject 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSDeletedGroup 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSGroup 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSGroupLifecyclePolicy 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSGroupPermissionGrant 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSIdentityProvider 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSLifecyclePolicyGroup 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSNamedLocationPolicy 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSPermissionGrantConditionSet 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSPermissionGrantPolicy 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSRoleAssignment 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSRoleDefinition 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSScopedRoleMembership 2.0.2.182 AzureAD
Cmdlet Get-AzureADMSServicePrincipalDelegatedPermissio... 2.0.2.182 AzureAD
Cmdlet Get-AzureADOAuth2PermissionGrant 2.0.2.182 AzureAD
Cmdlet Get-AzureADObjectByObjectId 2.0.2.182 AzureAD
Cmdlet Get-AzureADServiceAppRoleAssignedTo 2.0.2.182 AzureAD
Cmdlet Get-AzureADServiceAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipal 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalCreatedObject 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalKeyCredential 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalMembership 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalOAuth2PermissionGrant 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalOwnedObject 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalOwner 2.0.2.182 AzureAD
Cmdlet Get-AzureADServicePrincipalPasswordCredential 2.0.2.182 AzureAD
Cmdlet Get-AzureADSubscribedSku 2.0.2.182 AzureAD
Cmdlet Get-AzureADTenantDetail 2.0.2.182 AzureAD
Cmdlet Get-AzureADTrustedCertificateAuthority 2.0.2.182 AzureAD
Cmdlet Get-AzureADUser 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserCreatedObject 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserDirectReport 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserExtension 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserLicenseDetail 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserManager 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserMembership 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserOAuth2PermissionGrant 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserOwnedDevice 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserOwnedObject 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserRegisteredDevice 2.0.2.182 AzureAD
Cmdlet Get-AzureADUserThumbnailPhoto 2.0.2.182 AzureAD
Cmdlet Get-CrossCloudVerificationCode 2.0.2.182 AzureAD
Cmdlet New-AzureADApplication 2.0.2.182 AzureAD
Cmdlet New-AzureADApplicationExtensionProperty 2.0.2.182 AzureAD
Cmdlet New-AzureADApplicationKeyCredential 2.0.2.182 AzureAD
Cmdlet New-AzureADApplicationPasswordCredential 2.0.2.182 AzureAD
Cmdlet New-AzureADApplicationProxyApplication 2.0.2.182 AzureAD
Cmdlet New-AzureADApplicationProxyConnectorGroup 2.0.2.182 AzureAD
Cmdlet New-AzureADDevice 2.0.2.182 AzureAD
Cmdlet New-AzureADDomain 2.0.2.182 AzureAD
Cmdlet New-AzureADGroup 2.0.2.182 AzureAD
Cmdlet New-AzureADGroupAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet New-AzureADMSAdministrativeUnit 2.0.2.182 AzureAD
Cmdlet New-AzureADMSApplication 2.0.2.182 AzureAD
Cmdlet New-AzureADMSApplicationExtensionProperty 2.0.2.182 AzureAD
Cmdlet New-AzureADMSApplicationKey 2.0.2.182 AzureAD
Cmdlet New-AzureADMSApplicationPassword 2.0.2.182 AzureAD
Cmdlet New-AzureADMSConditionalAccessPolicy 2.0.2.182 AzureAD
Cmdlet New-AzureADMSGroup 2.0.2.182 AzureAD
Cmdlet New-AzureADMSGroupLifecyclePolicy 2.0.2.182 AzureAD
Cmdlet New-AzureADMSIdentityProvider 2.0.2.182 AzureAD
Cmdlet New-AzureADMSInvitation 2.0.2.182 AzureAD
Cmdlet New-AzureADMSNamedLocationPolicy 2.0.2.182 AzureAD
Cmdlet New-AzureADMSPermissionGrantConditionSet 2.0.2.182 AzureAD
Cmdlet New-AzureADMSPermissionGrantPolicy 2.0.2.182 AzureAD
Cmdlet New-AzureADMSRoleAssignment 2.0.2.182 AzureAD
Cmdlet New-AzureADMSRoleDefinition 2.0.2.182 AzureAD
Cmdlet New-AzureADServiceAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet New-AzureADServicePrincipal 2.0.2.182 AzureAD
Cmdlet New-AzureADServicePrincipalKeyCredential 2.0.2.182 AzureAD
Cmdlet New-AzureADServicePrincipalPasswordCredential 2.0.2.182 AzureAD
Cmdlet New-AzureADTrustedCertificateAuthority 2.0.2.182 AzureAD
Cmdlet New-AzureADUser 2.0.2.182 AzureAD
Cmdlet New-AzureADUserAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplication 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationExtensionProperty 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationKeyCredential 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationOwner 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationPasswordCredential 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationProxyApplication 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationProxyApplicationConnec... 2.0.2.182 AzureAD
Cmdlet Remove-AzureADApplicationProxyConnectorGroup 2.0.2.182 AzureAD
Cmdlet Remove-AzureADContact 2.0.2.182 AzureAD
Cmdlet Remove-AzureADContactManager 2.0.2.182 AzureAD
Cmdlet Remove-AzureADDeletedApplication 2.0.2.182 AzureAD
Cmdlet Remove-AzureADDevice 2.0.2.182 AzureAD
Cmdlet Remove-AzureADDeviceRegisteredOwner 2.0.2.182 AzureAD
Cmdlet Remove-AzureADDeviceRegisteredUser 2.0.2.182 AzureAD
Cmdlet Remove-AzureADDirectoryRoleMember 2.0.2.182 AzureAD
Cmdlet Remove-AzureADDomain 2.0.2.182 AzureAD
Cmdlet Remove-AzureADGroup 2.0.2.182 AzureAD
Cmdlet Remove-AzureADGroupAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Remove-AzureADGroupMember 2.0.2.182 AzureAD
Cmdlet Remove-AzureADGroupOwner 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSAdministrativeUnit 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSAdministrativeUnitMember 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSApplication 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSApplicationExtensionProperty 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSApplicationKey 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSApplicationOwner 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSApplicationPassword 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSApplicationVerifiedPublisher 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSConditionalAccessPolicy 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSDeletedDirectoryObject 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSGroup 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSGroupLifecyclePolicy 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSIdentityProvider 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSLifecyclePolicyGroup 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSNamedLocationPolicy 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSPermissionGrantConditionSet 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSPermissionGrantPolicy 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSRoleAssignment 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSRoleDefinition 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSScopedRoleMembership 2.0.2.182 AzureAD
Cmdlet Remove-AzureADMSServicePrincipalDelegatedPermis... 2.0.2.182 AzureAD
Cmdlet Remove-AzureADOAuth2PermissionGrant 2.0.2.182 AzureAD
Cmdlet Remove-AzureADServiceAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Remove-AzureADServicePrincipal 2.0.2.182 AzureAD
Cmdlet Remove-AzureADServicePrincipalKeyCredential 2.0.2.182 AzureAD
Cmdlet Remove-AzureADServicePrincipalOwner 2.0.2.182 AzureAD
Cmdlet Remove-AzureADServicePrincipalPasswordCredential 2.0.2.182 AzureAD
Cmdlet Remove-AzureADTrustedCertificateAuthority 2.0.2.182 AzureAD
Cmdlet Remove-AzureADUser 2.0.2.182 AzureAD
Cmdlet Remove-AzureADUserAppRoleAssignment 2.0.2.182 AzureAD
Cmdlet Remove-AzureADUserExtension 2.0.2.182 AzureAD
Cmdlet Remove-AzureADUserManager 2.0.2.182 AzureAD
Cmdlet Reset-AzureADMSLifeCycleGroup 2.0.2.182 AzureAD
Cmdlet Restore-AzureADDeletedApplication 2.0.2.182 AzureAD
Cmdlet Restore-AzureADMSDeletedDirectoryObject 2.0.2.182 AzureAD
Cmdlet Revoke-AzureADSignedInUserAllRefreshToken 2.0.2.182 AzureAD
Cmdlet Revoke-AzureADUserAllRefreshToken 2.0.2.182 AzureAD
Cmdlet Select-AzureADGroupIdsContactIsMemberOf 2.0.2.182 AzureAD
Cmdlet Select-AzureADGroupIdsGroupIsMemberOf 2.0.2.182 AzureAD
Cmdlet Select-AzureADGroupIdsServicePrincipalIsMemberOf 2.0.2.182 AzureAD
Cmdlet Select-AzureADGroupIdsUserIsMemberOf 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplication 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationLogo 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationProxyApplication 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationProxyApplicationConnector... 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationProxyApplicationCustomDom... 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationProxyApplicationSingleSignOn 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationProxyConnector 2.0.2.182 AzureAD
Cmdlet Set-AzureADApplicationProxyConnectorGroup 2.0.2.182 AzureAD
Cmdlet Set-AzureADDevice 2.0.2.182 AzureAD
Cmdlet Set-AzureADDomain 2.0.2.182 AzureAD
Cmdlet Set-AzureADGroup 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSAdministrativeUnit 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSApplication 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSApplicationLogo 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSApplicationVerifiedPublisher 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSAuthorizationPolicy 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSConditionalAccessPolicy 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSGroup 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSGroupLifecyclePolicy 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSIdentityProvider 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSNamedLocationPolicy 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSPermissionGrantConditionSet 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSPermissionGrantPolicy 2.0.2.182 AzureAD
Cmdlet Set-AzureADMSRoleDefinition 2.0.2.182 AzureAD
Cmdlet Set-AzureADServicePrincipal 2.0.2.182 AzureAD
Cmdlet Set-AzureADTenantDetail 2.0.2.182 AzureAD
Cmdlet Set-AzureADTrustedCertificateAuthority 2.0.2.182 AzureAD
Cmdlet Set-AzureADUser 2.0.2.182 AzureAD
Cmdlet Set-AzureADUserExtension 2.0.2.182 AzureAD
Cmdlet Set-AzureADUserLicense 2.0.2.182 AzureAD
Cmdlet Set-AzureADUserManager 2.0.2.182 AzureAD
Cmdlet Set-AzureADUserPassword 2.0.2.182 AzureAD
Cmdlet Set-AzureADUserThumbnailPhoto 2.0.2.182 AzureAD
Cmdlet Update-AzureADSignedInUserPassword 2.0.2.182 AzureAD
more infos
$PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
5 1 22621 4111
This is an issue outside the scope of apiops. Consult their docs please.
This is an issue outside the scope of apiops. Consult their docs please.
I'll study about this item and back here to post the solution, ok? Is It possible the maintain this issue open or do you prefers to close it?
Please keep it open Abe report back here as it helps the wider community.
Release version
6.0.1.1
Describe the bug
Hello,
I´m running the extractor from APIM with many objects (apis, version sets, policies fragments, ...) and the extraction is during more than one hour and because this is broken.
The message is like this: System.Net.Http.HttpRequestException: HTTP request to URI
====
Summary:
{"code":"ExpiredAuthenticationToken","message":"The access token expiry UTC time '9/20/2024 4:01:35 AM' is earlier than current UTC time '9/20/2024 4:01:35 AM'."}