Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}})
This line should be split1 = set_string.split("=", 1) instead, so we only split on the first =.
Related command
az containerapp auth update -g -n --set identityProviders.azureActiveDirectory.login.loginParameters=[scope=openid offline_access api:///user_impersonation]
Errors
Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}})
Issue script & Debug output
az containerapp auth update -g -n --set identityProviders.azureActiveDirectory.login.loginParameters=[scope=openid api:///user_impersonation] --debug
cli.azure.cli.core.azclierror: Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}})
az_command_data_logger: Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}})
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f286a091080>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 5.579 seconds (init: 0.489, invoke: 5.090)
cli.azure.cli.core.decorators: Suppress exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/main.py", line 62, in
raise ex
File "/opt/az/lib/python3.11/site-packages/azure/cli/main.py", line 55, in
sys.exit(exit_code)
SystemExit: 1
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/decorators.py", line 79, in _wrapped_func
return func(*args, kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/telemetry.py", line 128, in generate_payload
payload = json.dumps(self.events, separators=(',', ':'))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/json/init.py", line 238, in dumps
kw).encode(obj)
^^^^^^^^^^^
File "/opt/az/lib/python3.11/json/encoder.py", line 200, in encode
chunks = self.iterencode(o, _one_shot=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/json/encoder.py", line 258, in iterencode
return _iterencode(o, 0)
^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/json/encoder.py", line 180, in default
raise TypeError(f'Object of type {o.class.name} '
TypeError: Object of type HTTPError is not JSON serializable
telemetry.main: Split cli events and extra events failure: the JSON object must be str, bytes or bytearray, not NoneType
Expected behavior
I expected loginParameters to be set to "scope=openid offline_access api://<backend-client-id>/user_impersonation"
Describe the bug
Following the authentication tutorial and trying it out for container apps, we at one point have to do the following:
This will fail with the error
I believe this happens because there is an equality sign in the value, and the code doesn't take this into account. Having a look at the code, it seems to happen here: https://github.com/Azure/azure-cli/blob/fb42357c042351620683141bcb7ae906dba9e918/src/azure-cli/azure/cli/command_modules/containerapp/_utils.py#L1398
This line should be
split1 = set_string.split("=", 1)
instead, so we only split on the first=
.Related command
az containerapp auth update -g -n --set identityProviders.azureActiveDirectory.login.loginParameters=[scope=openid offline_access api:///user_impersonation]
Errors
Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}})
Issue script & Debug output
az containerapp auth update -g -n --set identityProviders.azureActiveDirectory.login.loginParameters=[scope=openid api:///user_impersonation] --debug
cli.knack.cli: Command arguments: ['containerapp', 'auth', 'update', '-g', '', '-n', '', '--set', 'identityProviders.azureActiveDirectory.login.loginParameters=[scope=openid api:///user_impersonation]', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f286b00c040>, <function OutputProducer.on_global_arguments at 0x7f286afb6200>, <function CLIQuery.on_global_arguments at 0x7f286aff3ce0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Command index version or cloud profile is invalid or doesn't match the current command.
cli.azure.cli.core: Command index has been invalidated.
cli.azure.cli.core: No module found from index for '['containerapp', 'auth', 'update', '-g', '', '-n', '', '--set', 'identityProviders.azureActiveDirectory.login.loginParameters=[scope=openid api:///user_impersonation]', '--debug']'
cli.azure.cli.core: Loading all modules and extensions
cli.azure.cli.core: Discovered command modules: ['acr', 'acs', 'advisor', 'ams', 'apim', 'appconfig', 'appservice', 'aro', 'backup', 'batch', 'batchai', 'billing', 'botservice', 'cdn', 'cloud', 'cognitiveservices', 'compute_recommender', 'config', 'configure', 'consumption', 'container', 'containerapp', 'cosmosdb', 'databoxedge', 'dla', 'dls', 'dms', 'eventgrid', 'eventhubs', 'extension', 'feedback', 'find', 'hdinsight', 'identity', 'interactive', 'iot', 'keyvault', 'kusto', 'lab', 'managedservices', 'maps', 'marketplaceordering', 'monitor', 'mysql', 'netappfiles', 'network', 'policyinsights', 'privatedns', 'profile', 'rdbms', 'redis', 'relay', 'resource', 'role', 'search', 'security', 'servicebus', 'serviceconnector', 'servicefabric', 'signalr', 'sql', 'sqlvm', 'storage', 'synapse', 'util', 'vm']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: acr 0.305 36 149
cli.azure.cli.core: acs 0.048 14 76
cli.azure.cli.core: advisor 0.004 3 6
cli.azure.cli.core: ams 0.010 22 100
cli.azure.cli.core: apim 0.012 14 69
cli.azure.cli.core: appconfig 0.007 9 47
cli.azure.cli.core: appservice 0.149 79 270
cli.azure.cli.core: aro 0.030 1 10
cli.azure.cli.core: backup 0.009 16 60
cli.azure.cli.core: batch 0.064 34 102
cli.azure.cli.core: batchai 0.007 10 30
cli.azure.cli.core: billing 0.041 19 53
cli.azure.cli.core: botservice 0.009 12 42
cli.azure.cli.core: cdn 0.247 8 49
cli.azure.cli.core: cloud 0.004 1 7
cli.azure.cli.core: cognitiveservices 0.005 10 33
cli.azure.cli.core: compute_recommender 0.007 1 1
cli.azure.cli.core: config 0.003 2 7
cli.azure.cli.core: configure 0.002 2 5
cli.azure.cli.core: consumption 0.035 8 9
cli.azure.cli.core: container 0.018 1 11
cli.azure.cli.core: containerapp 0.198 36 115
cli.azure.cli.core: cosmosdb 0.025 58 199
cli.azure.cli.core: databoxedge 0.018 5 28
cli.azure.cli.core: dla 0.007 23 62
cli.azure.cli.core: dls 0.006 7 41
cli.azure.cli.core: dms 0.004 3 22
cli.azure.cli.core: eventgrid 0.008 25 96
cli.azure.cli.core: eventhubs 0.031 12 18
cli.azure.cli.core: extension 0.003 1 7
cli.azure.cli.core: feedback 0.002 1 2
cli.azure.cli.core: find 0.003 1 1
cli.azure.cli.core: hdinsight 0.015 8 39
cli.azure.cli.core: identity 0.005 2 11
cli.azure.cli.core: interactive 0.001 1 1
cli.azure.cli.core: iot 0.196 19 82
cli.azure.cli.core: keyvault 0.012 20 113
cli.azure.cli.core: kusto 0.005 3 14
cli.azure.cli.core: lab 0.007 11 34
cli.azure.cli.core: managedservices 0.004 3 8
cli.azure.cli.core: maps 0.004 5 13
cli.azure.cli.core: marketplaceordering 0.007 1 2
cli.azure.cli.core: monitor 0.983 17 60
cli.azure.cli.core: mysql 0.216 15 51
cli.azure.cli.core: netappfiles 0.098 8 17
cli.azure.cli.core: network 0.278 103 337
cli.azure.cli.core: policyinsights 0.027 9 17
cli.azure.cli.core: privatedns 0.102 14 60
cli.azure.cli.core: profile 0.004 2 8
cli.azure.cli.core: rdbms 0.036 49 202
cli.azure.cli.core: redis 0.005 7 38
cli.azure.cli.core: relay 0.056 7 8
cli.azure.cli.core: resource 0.020 51 231
cli.azure.cli.core: role 0.004 17 61
cli.azure.cli.core: search 0.018 7 19
cli.azure.cli.core: security 0.024 47 98
cli.azure.cli.core: servicebus 0.020 12 14
cli.azure.cli.core: serviceconnector 0.042 20 307
cli.azure.cli.core: servicefabric 0.029 27 80
cli.azure.cli.core: signalr 0.006 9 34
cli.azure.cli.core: sql 0.023 56 215
cli.azure.cli.core: sqlvm 0.065 4 20
cli.azure.cli.core: storage 0.055 59 273
cli.azure.cli.core: synapse 0.018 54 246
cli.azure.cli.core: util 0.003 3 7
cli.azure.cli.core: vm 0.110 58 233
cli.azure.cli.core: Total (66) 3.818 1202 4680
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: account 0.009 4 13 /home/user/.azure/cliextensions/account
cli.azure.cli.core: azure-devops 0.112 60 192 /home/user/.azure/cliextensions/azure-devops
cli.azure.cli.core: Total (2) 0.122 64 205
cli.azure.cli.core: Loaded 1251 groups, 4885 commands.
cli.azure.cli.core: Updated command index in 0.003 seconds.
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f286a090e00>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/user/.azure/commands/2024-07-08.13-45-34.containerapp_auth_update.8830.log'.
az_command_data_logger: command args: containerapp auth update -g {} -n {} --set {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f286a0f91c0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f286a0f9260>, <function register_cache_arguments..add_cache_arguments at 0x7f286a0f93a0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs [<function _documentdb_deprecate at 0x7f28686034c0>]
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f286afb62a0>, <function CLIQuery.handle_query_parameter at 0x7f286aff3d80>, <function register_ids_argument..parse_ids_arguments at 0x7f286a0f9300>, <function DevCommandsLoader.post_parse_args at 0x7f286446b1a0>]
cli.azure.cli.core.util: Found subscription ID ID in the URL https://management.azure.com/subscriptions/ID/resourceGroups/rg/providers/Microsoft.App/containerApps/frotend/authConfigs/current?api-version=2024-03-01
cli.azure.cli.core.util: Retrieving token for resource https://management.core.windows.net/, subscription ID
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/user/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/user/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/ID
msal.authority: openid_config("https://login.microsoftonline.com/ID/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/ID/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/ID/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/ID/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id:
cli.azure.cli.core.util: Request URL: 'https://management.azure.com/subscriptions/ID/resourceGroups//providers/Microsoft.App/containerApps//authConfigs/current?api-version=2024-03-01'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.8 (Linux-5.15.153.1-microsoft-standard-WSL2-x86_64-with-glibc2.31) AZURECLI/2.61.0 (DEB)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'ID'
cli.azure.cli.core.util: 'CommandName': 'containerapp auth update'
cli.azure.cli.core.util: 'ParameterSetName': '-g -n --set --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer ...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/ID/resourceGroups//providers/Microsoft.App/containerApps//authConfigs/current?api-version=2024-03-01 HTTP/1.1" 200 1093
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Pragma': 'no-cache'
cli.azure.cli.core.util: 'Content-Length': '1093'
cli.azure.cli.core.util: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.util: 'Expires': '-1'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.util: 'api-supported-versions': '2022-03-01, 2022-06-01-preview, 2022-10-01, 2022-11-01-preview, 2023-04-01-preview, 2023-05-01, 2023-05-02-preview, 2023-08-01-preview, 2023-11-02-preview, 2024-02-02-preview, 2024-03-01, 2024-08-02-preview'
cli.azure.cli.core.util: 'X-Powered-By': 'ASP.NET'
cli.azure.cli.core.util: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.util: 'x-ms-request-id': 'ID'
cli.azure.cli.core.util: 'x-ms-correlation-request-id': 'ID'
cli.azure.cli.core.util: 'x-ms-routing-request-id': 'WESTEUROPE:ID'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.util: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.util: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.util: 'X-MSEdge-Ref': 'Ref A: Ref Ref B: Ref Ref C'
cli.azure.cli.core.util: 'Date': 'Mon, 08 Jul 2024 11:45:35 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"id":"/subscriptions/ID/resourceGroups//providers/Microsoft.App/containerApps//authConfigs/current","name":"current","type":"Microsoft.App/containerapps/authconfigs","properties":{"platform":{"enabled":true},"globalValidation":{"unauthenticatedClientAction":"RedirectToLoginPage","redirectToProvider":"azureactivedirectory"},"identityProviders":{"azureActiveDirectory":{"registration":{"openIdIssuer":"https://sts.windows.net/ID/v2.0","clientId":"ID","clientSecretSettingName":"microsoft-provider-authentication-secret"},"login":{"loginParameters":["api:///user_impersonation"]},"validation":{"allowedAudiences":["api://"],"defaultAuthorizationPolicy":{"allowedPrincipals":{},"allowedApplications":["ID"]}},"isAutoProvisioned":true}},"login":{"routes":{},"preserveUrlFragmentsForLogins":false,"cookieExpiration":{},"nonce":{}},"encryptionSettings":{}}}
cli.azure.cli.core.util: Found subscription ID ID in the URL https://management.azure.com/subscriptions/ID/resourceGroups//providers/Microsoft.App/containerApps//authConfigs/current?api-version=2024-03-01
cli.azure.cli.core.util: Retrieving token for resource https://management.core.windows.net/, subscription ID
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/ID
msal.authority: openid_config("https://login.microsoftonline.com/ID/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/ID/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/ID/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/ID/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/ID/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: ID
cli.azure.cli.core.util: Request URL: 'https://management.azure.com/subscriptions/ID/resourceGroups//providers/Microsoft.App/containerApps//authConfigs/current?api-version=2024-03-01'
cli.azure.cli.core.util: Request method: 'PUT'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.8 (Linux-5.15.153.1-microsoft-standard-WSL2-x86_64-with-glibc2.31) AZURECLI/2.61.0 (DEB)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': ''
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'CommandName': 'containerapp auth update'
cli.azure.cli.core.util: 'ParameterSetName': '-g -n --set --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer ...'
cli.azure.cli.core.util: 'Content-Length': '845'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: {"properties": {"platform": {"enabled": true}, "globalValidation": {"unauthenticatedClientAction": "RedirectToLoginPage", "redirectToProvider": "azureactivedirectory"}, "identityProviders": {"azureActiveDirectory": {"registration": {"openIdIssuer": "https://sts.windows.net/ID/v2.0", "clientId": "", "clientSecretSettingName": "microsoft-provider-authentication-secret"}, "login": {"loginParameters": "[scope"}, "validation": {"allowedAudiences": ["api://"], "defaultAuthorizationPolicy": {"allowedPrincipals": {}, "allowedApplications": [""]}}, "isAutoProvisioned": true}}, "login": {"routes": {}, "preserveUrlFragmentsForLogins": false, "cookieExpiration": {}, "nonce": {}}, "encryptionSettings": {}}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/ID/resourceGroups//providers/Microsoft.App/containerApps//authConfigs/current?api-version=2024-03-01 HTTP/1.1" 400 464
cli.azure.cli.core.util: Response status: 400
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Cache-Control': 'no-cache'
cli.azure.cli.core.util: 'Pragma': 'no-cache'
cli.azure.cli.core.util: 'Content-Length': '464'
cli.azure.cli.core.util: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.util: 'Expires': '-1'
cli.azure.cli.core.util: 'x-ms-ratelimit-remaining-subscription-writes': '199'
cli.azure.cli.core.util: 'X-Powered-By': 'ASP.NET'
cli.azure.cli.core.util: 'x-ms-ratelimit-remaining-subscription-global-writes': '2999'
cli.azure.cli.core.util: 'x-ms-request-id': 'ID'
cli.azure.cli.core.util: 'x-ms-correlation-request-id': 'ID'
cli.azure.cli.core.util: 'x-ms-routing-request-id': 'WESTEUROPE:ID'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.util: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.util: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.util: 'X-MSEdge-Ref': 'Ref A: Ref'
cli.azure.cli.core.util: 'Date': 'Mon, 08 Jul 2024 11:45:35 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/opt/az/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 664, in execute
raise ex
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 723, in _run_job
return cmd_copy.exception_handler(ex)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/containerapp/_client_factory.py", line 28, in _polish_bad_errors
raise ex
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 701, in _run_job
result = cmd_copy(params)
^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 334, in call
return self.handler(*args, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(command_args)
^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/containerapp/custom.py", line 4763, in update_auth_config
return containerapp_auth_decorator.create_or_update()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/containerapp/containerapp_auth_decorator.py", line 81, in create_or_update
handle_raw_exception(e)
File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/containerapp/_client_factory.py", line 60, in handle_raw_exception
raise e
File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/containerapp/containerapp_auth_decorator.py", line 77, in create_or_update
return self.client.create_or_update(cmd=self.cmd, resource_group_name=self.get_argument_resource_group_name(),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/command_modules/containerapp/_clients.py", line 1386, in create_or_update
r = send_raw_request(cmd.cli_ctx, "PUT", request_url, body=json.dumps(auth_config_envelope))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/az/lib/python3.11/site-packages/azure/cli/core/util.py", line 1007, in send_raw_request
raise HTTPError(reason, r)
azure.cli.core.azclierror.HTTPError: Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}})
cli.azure.cli.core.azclierror: Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}}) az_command_data_logger: Bad Request({"type":"https://tools.ietf.org/html/rfc9110#section-15.5.1","title":"One or more validation errors occurred.","status":400,"errors":{"$.properties.identityProviders.azureActiveDirectory.login.loginParameters":["The JSON value could not be converted to System.String[]. Path: $.properties.identityProviders.azureActiveDirectory.login.loginParameters | LineNumber: 0 | BytePositionInLine: 459."]}}) cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f286a091080>] az_command_data_logger: exit code: 1 cli.main: Command ran in 5.579 seconds (init: 0.489, invoke: 5.090) cli.azure.cli.core.decorators: Suppress exception: Traceback (most recent call last): File "/opt/az/lib/python3.11/site-packages/azure/cli/main.py", line 62, in
raise ex
File "/opt/az/lib/python3.11/site-packages/azure/cli/main.py", line 55, in
sys.exit(exit_code)
SystemExit: 1
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/opt/az/lib/python3.11/site-packages/azure/cli/core/decorators.py", line 79, in _wrapped_func return func(*args, kwargs) ^^^^^^^^^^^^^^^^^^^^^ File "/opt/az/lib/python3.11/site-packages/azure/cli/core/telemetry.py", line 128, in generate_payload payload = json.dumps(self.events, separators=(',', ':')) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/az/lib/python3.11/json/init.py", line 238, in dumps kw).encode(obj) ^^^^^^^^^^^ File "/opt/az/lib/python3.11/json/encoder.py", line 200, in encode chunks = self.iterencode(o, _one_shot=True) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/az/lib/python3.11/json/encoder.py", line 258, in iterencode return _iterencode(o, 0) ^^^^^^^^^^^^^^^^^ File "/opt/az/lib/python3.11/json/encoder.py", line 180, in default raise TypeError(f'Object of type {o.class.name} ' TypeError: Object of type HTTPError is not JSON serializable
telemetry.main: Split cli events and extra events failure: the JSON object must be str, bytes or bytearray, not NoneType
Expected behavior
I expected
loginParameters
to be set to"scope=openid offline_access api://<backend-client-id>/user_impersonation"
Environment Summary
azure-cli 2.61.0
core 2.61.0 telemetry 1.1.0
Extensions: account 0.2.5 azure-devops 1.0.1
Dependencies: msal 1.28.0 azure-mgmt-resource 23.1.1
Python location '/opt/az/bin/python3' Extensions directory '/home/user/.azure/cliextensions'
Python (Linux) 3.11.8 (main, May 16 2024, 03:47:41) [GCC 9.4.0]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response