search

Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.
https://aka.ms/azd
MIT License
369 stars 166 forks source link

[Issue] AzureDeveloperCliCredential.get_token failed #3829

Closed diberry closed 2 weeks ago

diberry commented 2 weeks ago

Output from azd version Run azd version and copy and paste the output here: azd version 1.8.2 (commit 14600c7a54edac4f54397413f8638431f5c16327)

Describe the bug

  1. Login with azd
  2. Less than 2 minutes later get 
AzureDeveloperCliCredential.get_token failed: {"type":"consoleMessage","timestamp":"2024-05-01T15:32:41.843902761Z","data":{"message":"fetching token: reauthentication required, run `azd auth login --scope https://graph.microsoft.com/.default` to log in\n"}}

Traceback (most recent call last):
  File "/workspaces/azure-search-openai-demo/./scripts/auth_init.py", line 204, in <module>
    asyncio.run(main())
  File "/usr/local/lib/python3.11/asyncio/runners.py", line 190, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/asyncio/base_events.py", line 654, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/./scripts/auth_init.py", line 179, in main
    server_object_id, server_app_id, _ = await create_or_update_application_with_secret(
                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/./scripts/auth_init.py", line 61, in create_or_update_application_with_secret
    object_id, app_id = await create_application(graph_client, request_app)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/./scripts/auth_init.py", line 28, in create_application
    app = await graph_client.applications.post(request_app)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/msgraph/generated/applications/applications_request_builder.py", line 95, in post
    return await self.request_adapter.send_async(request_info, Application, error_mapping)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/kiota_http/httpx_request_adapter.py", line 178, in send_async
    response = await self.get_http_response_message(request_info, parent_span)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/kiota_http/httpx_request_adapter.py", line 523, in get_http_response_message
    await self._authentication_provider.authenticate_request(
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/kiota_abstractions/authentication/base_bearer_token_authentication_provider.py", line 50, in authenticate_request
    token = await self.access_token_provider.get_authorization_token(
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/kiota_authentication_azure/azure_identity_access_token_provider.py", line 106, in get_authorization_token
    result = await result
             ^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/azure/identity/aio/_internal/decorators.py", line 21, in wrapper
    token = await fn(*args, **kwargs)
            ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/azure/identity/aio/_credentials/azd_cli.py", line 130, in get_token
    output = await _run_command(command, self._process_timeout)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/workspaces/azure-search-openai-demo/.venv/lib/python3.11/site-packages/azure/identity/aio/_credentials/azd_cli.py", line 195, in _run_command
    raise ClientAuthenticationError(message=message)
azure.core.exceptions.ClientAuthenticationError: {"type":"consoleMessage","timestamp":"2024-05-01T15:32:41.843902761Z","data":{"message":"fetching token: reauthentication required, run `azd auth login --scope https://graph.microsoft.com/.default` to log in\n"}}

ERROR: failed running pre hooks: 'preprovision' hook failed with exit code: '1', Path: './scripts/auth_init.sh'. : exit code: 1

ERROR: error executing step command 'provision': failed running pre hooks: 'preprovision' hook failed with exit code: '1', Path: './scripts/auth_init.sh'. : exit code: 1

To Reproduce

  1. Open https://github.com/azure-samples/azure-search-openai-demo in Codespace (not fork, not local clone).
  2. azd auth login --use-device-code
  3. Set env vars
AZURE_AUTH_TENANT_ID="72f988bf-..."
AZURE_ENV_NAME="diberry-document-security-acls"
AZURE_LOCATION="swedencentral"
AZURE_SUBSCRIPTION_ID="2123cb08-..."
AZURE_TENANT_ID="72f988bf-..."
AZURE_USE_AUTHENTICATION="true"
  1. azd up

Expected behavior Why is the token failing so quickly after creating it.

Environment Information on your environment:

Additional context Add any other context about the problem here.

diberry commented 2 weeks ago

Closing since this appears to be an issue about MS subs and tenants.