Closed juliusl closed 5 years ago
This is a typical browser setup issue (possibly enabled by some extensions) where the browser is forcing traffic through https://localhost:8400. CLI fails because localhost only works with HTTP.
To remove this HTTPS policy, edge://net-internals/#hsts; for Google Chrome, go to chrome://net-internals/#hsts
More info: https://stackoverflow.com/a/28586593/2199657
On top of @jiasli's suggestion, you can use az login --use-device-code to get unblocked meanwhile.
@jiasli
Does deleting localhost from Delete domain security policies solve the issue?
@jiasli Yup that seems to fix it. Closing now. Thanks!
For Edge's hang issue, may be related to #10578.
I feel like this Chrome localhost issue should be called out on the documentation pages for az login and Connect-AzAccount.
Note that Chrome will "helpfully" map http to https in the URL, which needs to be undone for this to work
This is a typical browser setup issue (possibly enabled by some extensions) where Chrome is forcing traffic through https://localhost:8400. CLI fails because it only works with HTTP.
To remove this HTTPS policy,
- Go to chrome://net-internals/#hsts
- Under Delete domain security policies, fill in localhost and click Delete
More info: https://stackoverflow.com/a/28586593/2199657
This begs the questions, "Why does the CLI only work with HTTP?" and "What is Microsoft going to do to address this?".
Note that Chrome will "helpfully" map http to https in the URL, which needs to be undone for this to work
I am using Chrome for development and daily usage. As far as I know, Chrome by itself doesn't do the redirection by default. Some extensions or policies might turn that on.
This begs the questions, "Why does the CLI only work with HTTP?" and "What is Microsoft going to do to address this?".
Because it is not possible to make HTTPS work on localhost without trusting a self-signed certificate. In other words, it is not possible to get a public HTTPS certificate for localhost. Redirecting http://localhost to https://localhost is simply a wrong behavior, as http://localhost is only used for local development and HTTPS should NOT be enforced.
Using http://localhost is the standard workflow of Auth Code flow:
redirect_uri: The redirect_uri of your app, where authentication responses can be sent and received by your app. It must exactly match one of the redirect_uris you registered in the portal, except it must be url encoded. For native & mobile apps, you should use one of the recommended values - https://login.microsoftonline.com/common/oauth2/nativeclient (for apps using embedded browsers) or http://localhost (for apps that use system browsers).
I feel like this Chrome localhost issue should be called out on the documentation pages for az login and Connect-AzAccount.
This is definitely a good suggestion and we will put that in the document. Thanks for the suggestion!
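Added example, not part of the thread and not Azure CLI's code: a loopback redirect listener for the auth code flow described above, which also recognizes the failure in this issue, where the browser upgrades http://localhost to HTTPS and the plain-HTTP listener receives a TLS handshake. The function names, the sample requests and the state and code values are constructed for illustration; port 8400 is the one mentioned in the thread.

```python
import hmac
import socket
from urllib.parse import parse_qs, urlsplit

# Constructed samples: a plain-HTTP redirect and the first bytes of a TLS record.
HTTP_SAMPLE = (b"GET /?code=CONSTRUCTED_CODE&state=abc123 HTTP/1.1\r\n"
               b"Host: localhost:8400\r\n\r\n")
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01])


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes the browser sends to the loopback port."""
    # A TLS record starts with content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    return "unknown"


def parse_redirect(request: bytes, expected_state: str) -> str:
    """Return the authorization code from a plain-HTTP redirect request."""
    kind = classify_first_bytes(request)
    if kind == "tls":
        raise ValueError("TLS handshake on an HTTP listener: the browser upgraded "
                         "http://localhost to HTTPS (check its HSTS entry for localhost)")
    if kind != "http":
        raise ValueError("not an HTTP request")
    parts = request.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    query = parse_qs(urlsplit(parts[1]).query)
    if "error" in query:
        raise ValueError("authorization server returned: " + query["error"][0])
    # The state must match the value sent in the authorization request.
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code


def wait_for_redirect(port: int, expected_state: str) -> str:
    """Accept one connection on the loopback interface and parse it."""
    with socket.create_server(("127.0.0.1", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            return parse_redirect(conn.recv(4096), expected_state)
```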
solve here - https://github.com/Azure/azure-cli/issues/26180
@welersonlisboa, ERR_SSL_PROTOCOL_ERROR is not relevant to https://github.com/Azure/azure-cli/issues/26180.
BTW, redirecting to localhost is a designed behavior and defined by the OAuth 2.0 authorization code flow.
This is autogenerated. Please review and update as needed.
Describe the bug
When I try to do az login on my dev machine it will not succeed in Chrome. In Edge I need to refresh the browser for the login process to finish. This was also broken 19 days ago so this time I tried and disabled all of my ad/tracker blocking extensions in Chrome. However that didn't seem to help.
Command Name
az login
Errors:
To Reproduce:
Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
az login
Trying in Google chrome (doesn't work):
Url --
In Browser --
Trying in edge by changing default browser to edge. (partially works):
It was stuck on this for about a minute or two and then I decided to refresh the browser, then this happened below. It seemed to proceed to login from there.
Expected Behavior
Login works.
Environment Summary
Additional Context