Azure / azure-cli

Azure Command-Line Interface
MIT License

az login with service principal not working on macOS #27191

Closed mracfa closed 1 year ago

mracfa commented 1 year ago

Describe the bug

When trying to log in with an SP and certificate on macOS, it fails with the exception below.

It works fine on Linux and on cloudshell with the same exact certificate and user.

Related command

az login --service-principal -u {} -p {} -t {} -o {}

Errors

The command failed with an unexpected error. Here is the traceback:
allow_broker=True is only supported in PublicClientApplication
Traceback (most recent call last):
  File "/opt/homebrew/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
    raise ex
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/command_modules/profile/custom.py", line 139, in login
    subscriptions = profile.login(
                    ^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/_profile.py", line 159, in login
    identity.login_with_service_principal(username, password, scopes=scopes)
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/auth/identity.py", line 182, in login_with_service_principal
    cred = ServicePrincipalCredential(sp_auth, **self._msal_app_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/lib/python3.11/site-packages/azure/cli/core/auth/msal_authentication.py", line 132, in __init__
    super().__init__(service_principal_auth.client_id, client_credential=client_credential, **kwargs)
  File "/opt/homebrew/lib/python3.11/site-packages/msal/application.py", line 555, in __init__
    raise ValueError("allow_broker=True is only supported in PublicClientApplication")
ValueError: allow_broker=True is only supported in PublicClientApplication

Issue script & Debug output

az login --service-principal -u '$SP_UUID' -p certificate.pem -t '$AZ_TENATN' -o none

Expected behavior

successful login

Environment Summary

macOS-13.5-arm64-arm-64bit
Python 3.11.4
Installer: PIP

azure-cli 2.47.0 *

Extensions:
aks-preview 0.5.135
datafactory 0.7.0

Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0

Additional context

It seems the same exact exception happens when trying to log in with a secret (and SP).

azure-client-tools-bot-prd[bot] commented 1 year ago

Hi @mracfa,

2.47.0 is not the latest Azure CLI (2.51.0).

Please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

yonzhan commented 1 year ago

Thank you for opening this issue, we will look into it.

mracfa commented 1 year ago

It's not possible to upgrade to 2.51 on Mac. But I tested previously with 2.50 and I got the same error.

EDIT: meanwhile I upgraded to 2.51 and I get the same exact error. So the same error happens in 2.47, 2.50, 2.51 - both with certificate and with password/secret

mracfa commented 1 year ago

az config unset core.allow_broker

after running this it works

jiasli commented 1 year ago

Duplicate of https://github.com/Azure/azure-cli/issues/26052.