Azure / azure-cli

Azure Command-Line Interface
MIT License

az login with interactive login via browser fails with AADSTS900144: The request body must contain the following parameter: 'client_id'. #29364

Open rtgeha opened 1 month ago

rtgeha commented 1 month ago

Describe the bug

az login fails when trying to use "login in web browser"

Related command

az login

Errors

AADSTS900144: The request body must contain the following parameter: 'client_id'.

Issue script & Debug output

The error message is in the browser. I have to cancel the login process of the CLI, since I cannot successfully log in.

Expected behavior

Successful login, after opening the browser window where I am already authenticated

Environment Summary

azure-cli 2.62.0

core 2.62.0 telemetry 1.1.0

Extensions: account 0.2.5

Dependencies: msal 1.28.1 azure-mgmt-resource 23.1.1

OS: current ubuntu lts

Additional context

No response

yonzhan commented 1 month ago

Thank you for opening this issue, we will look into it.

jiasli commented 1 month ago

Could you please share the URL that was opened in the browser?

rtgeha commented 1 month ago

The URL was similar to "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/oauth2/v2.0/authorize".

I have replaced the part of the URL that is the OrganizationID of my EntraID tenant.

jiasli commented 1 month ago

Please kindly share the full URL with the query parameter. There is no sensitive information in it. You only need to redact the tenant ID if you want.

It should look like https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A45769&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile&state=HcETyWBovKIzUwDF&code_challenge=102IM0ww-Z981klrvhDZ_Be8VuqyykccxQY7GFtSKgg&code_challenge_method=S256&nonce=d18aed471850b825c8671081dfa1c5092a8417667cea84887eb1c4bbf663f056&client_info=1&claims=%7B%22access_token%22%3A+%7B%22xms_cc%22%3A+%7B%22values%22%3A+%5B%22CP1%22%5D%7D%7D%7D&prompt=select_account

jiasli commented 1 month ago

Does the URL contain a client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46 query parameter? The URL should look like https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&...

The browser will be automatically opened. You shouldn't click on the URL in the warning message:

image

Otherwise, the browser will show AADSTS900144 error:

image

Also, which version of Ubuntu are you using? Are you using WSL?
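An added example, not part of the original thread and not azure-cli code: a small check that reports which query parameters an authorize URL is missing and redacts a tenant GUID in the path before the URL is shared. The `REQUIRED` list is an assumption taken from the sample URL quoted above, and the sample URLs, tenant GUID and parameter values other than `client_id` are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Assumption: parameters present in the full authorize URL quoted in the thread.
REQUIRED = ("client_id", "response_type", "redirect_uri", "scope",
            "code_challenge", "code_challenge_method")

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_authorize_url(url):
    """Return (missing_params, redacted_url) for an authorize URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    # A parameter counts as missing when it is absent or empty.
    missing = [p for p in REQUIRED if not query.get(p, [""])[0]]
    # Redact only the tenant segment of the path; the query string
    # (including client_id) is left untouched so it can still be reviewed.
    segments = parts.path.split("/")
    if len(segments) > 1 and GUID.fullmatch(segments[1]):
        segments[1] = "<tenant-id>"
    redacted = urlunsplit(parts._replace(path="/".join(segments)))
    return missing, redacted

# Constructed samples: a URL cut off before the query string, and a complete one.
TENANT = "11111111-2222-3333-4444-555555555555"  # constructed GUID
BASE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
TRUNCATED = BASE
FULL = (BASE + "?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46"
        "&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A45769"
        "&scope=openid+profile&code_challenge=EXAMPLE"
        "&code_challenge_method=S256")

if __name__ == "__main__":
    for label, url in (("truncated", TRUNCATED), ("full", FULL)):
        missing, redacted = check_authorize_url(url)
        print(label, "missing:", missing or "none")
        print("  share as:", redacted)
```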

rtgeha commented 1 month ago

I am using Ubuntu 22.04.4 LTS on WSL.

Since the browser is not successfully opened by az login, it would be great if the URL in the warning message would still work as in previous versions of the Azure CLI. You also need to consider use cases where people just use SSH to connect to a server or systems where no desktop system is installed.