Az.Accounts Preview: Connect-AzAccount trys to open a browser in docker container

[J0F3]

Description

Connect-AzAccount of the 2.0.1-preview version of the Az.Account Module (which is need in some scenarios to be able to login with Az PowerShell at all) tries to open a browser even when running in docker container and the output says "Reverting to device code login".

The use of Device Authentication must be enforced with Connect-AzAccount -UseDeviceAuthentication otherwise Connect-AzAccount hangs indefinitely.

Steps to reproduce

1. docker run -it --rm mcr.microsoft.com/azure-powershell

2. Install Az.Account Preview Module

   Install-Module -Name Az.Accounts -AllowPrerelease -Force -SkipPublisherCheck -RequiredVersion '2.0.1-preview'

3. Login to Azure

   Connect-AzAccount

Environment data

Docker Image used:

mcr.microsoft.com/azure-powershell:4.7.0-alpine-3.10 

Name                           Value
----                           -----
PSVersion                      7.0.3
PSEdition                      Core
GitCommitId                    7.0.3
OS                             Linux 4.19.104-microsoft-standard #1 SMP Wed Feb 19 06:37:35 UTC 2020
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

docker version
Client: Docker Engine - Community
 Azure integration  0.1.15
 Version:           19.03.12
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        48a66213fe
 Built:             Mon Jun 22 15:45:36 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.12
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       48a66213fe
  Built:            Mon Jun 22 15:49:27 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Module versions

    Directory: /usr/local/share/powershell/Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Script     4.7.0                 Az                                  Core,Desk
Script     2.0.1      preview    Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollection, Enable…
Script     1.9.4                 Az.Accounts                         Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollection, Enable…
Script     1.1.1                 Az.Advisor                          Core,Desk {Get-AzAdvisorRecommendation, Enable-AzAdvisorRecommendation, Disable-AzAdvisorRecomm…
Script     1.3.0                 Az.Aks                              Core,Desk {Get-AzAksCluster, New-AzAksCluster, Remove-AzAksCluster, Import-AzAksCredential…}
Script     1.1.4                 Az.AnalysisServices                 Core,Desk {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServicesServer, Get-AzAnalysisSer…
Script     2.1.0                 Az.ApiManagement                    Core,Desk {Add-AzApiManagementApiToGateway, Add-AzApiManagementApiToProduct, Add-AzApiManagemen…
Script     1.1.0                 Az.ApplicationInsights              Core,Desk {Get-AzApplicationInsights, New-AzApplicationInsights, Remove-AzApplicationInsights, …
Script     1.4.0                 Az.Automation                       Core,Desk {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHybridWorkerGroup, Get-AzAutom…
Script     3.1.0                 Az.Batch                            Core,Desk {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAccountKey, New-AzBatchAccount…
Script     1.0.3                 Az.Billing                          Core,Desk {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollmentAccount, Get-AzConsumptio…
Script     1.4.3                 Az.Cdn                              Core,Desk {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfile, Remove-AzCdnProfile…}
Script     1.6.0                 Az.CognitiveServices                Core,Desk {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAccountKey, Get-AzCognitiveSe…
Script     4.4.0                 Az.Compute                          Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAvailabilitySet, Update-AzAva…
Script     1.0.3                 Az.ContainerInstance                Core,Desk {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzContainerGroup, Get-AzContainer…
Script     1.1.1                 Az.ContainerRegistry                Core,Desk {New-AzContainerRegistry, Get-AzContainerRegistry, Update-AzContainerRegistry, Remove…
Script     1.1.0                 Az.DataBoxEdge                      Core,Desk {Get-AzDataBoxEdgeJob, Get-AzDataBoxEdgeDevice, Invoke-AzDataBoxEdgeDevice, New-AzDat…
Script     1.10.1                Az.DataFactory                      Core,Desk {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFactoryV2, Remove-AzDataFacto…
Script     1.0.2                 Az.DataLakeAnalytics                Core,Desk {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalyticsCatalogCredential, Remove-…
Script     1.2.8                 Az.DataLakeStore                    Core,Desk {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreTrustedIdProvider, Remov…
Script     1.0.0                 Az.DataShare                        Core,Desk {New-AzDataShareAccount, Get-AzDataShareAccount, Remove-AzDataShareAccount, New-AzDat…
Script     1.1.0                 Az.DeploymentManager                Core,Desk {Get-AzDeploymentManagerArtifactSource, New-AzDeploymentManagerArtifactSource, Set-Az…
Script     1.0.0                 Az.DesktopVirtualization            Core,Desk {Disconnect-AzWvdUserSession, Get-AzWvdApplication, Get-AzWvdApplicationGroup, Get-Az…
Script     1.0.2                 Az.DevTestLabs                      Core,Desk {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolicy, Get-AzDtlAutoStartPolicy…
Script     1.1.2                 Az.Dns                              Core,Desk {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRecordSet, Set-AzDnsRecordSet…
Script     1.3.0                 Az.EventGrid                        Core,Desk {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGridTopic, New-AzEventGridTop…
Script     1.6.0                 Az.EventHub                         Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzEventHubNamespace, Remove-Az…
Script     1.6.1                 Az.FrontDoor                        Core,Desk {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove-AzFrontDoor…}
Script     1.0.2                 Az.Functions                        Core,Desk {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Get-AzFunctionAppPlan, Get-Az…
Script     3.6.0                 Az.HDInsight                        Core,Desk {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wait-AzHDInsightJob, New-AzHD…
Script     1.1.0                 Az.HealthcareApis                   Core,Desk {New-AzHealthcareApisService, Remove-AzHealthcareApisService, Set-AzHealthcareApisSer…
Script     2.5.0                 Az.IotHub                           Core,Desk {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-AzIotHubConnectionString, Ge…
Script     2.2.0                 Az.KeyVault                         Core,Desk {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, Stop-AzKeyVaultCertificateO…
Script     1.0.0                 Az.Kusto                            Core,Desk {Add-AzKustoClusterLanguageExtension, Add-AzKustoDatabasePrincipal, Get-AzKustoAttach…
Script     1.3.2                 Az.LogicApp                         Core,Desk {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccountAssembly, Get-AzIntegrati…
Script     1.1.3                 Az.MachineLearning                  Core,Desk {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssociation, Get-AzMlCommitmentPla…
Script     1.1.0                 Az.Maintenance                      Core,Desk {Get-AzApplyUpdate, Get-AzConfigurationAssignment, Get-AzMaintenanceConfiguration, Ge…
Script     1.1.0                 Az.ManagedServices                  Core,Desk {Get-AzManagedServicesAssignment, New-AzManagedServicesAssignment, Remove-AzManagedSe…
Script     1.0.2                 Az.MarketplaceOrdering              Core,Desk {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.1.1                 Az.Media                            Core,Desk {Sync-AzMediaServiceStorageKey, Set-AzMediaServiceKey, Get-AzMediaServiceKey, Get-AzM…
Script     2.1.0                 Az.Monitor                          Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile, Get-AzLogProfile…}
Script     3.4.0                 Az.Network                          Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get-AzApplicationGatewayAuthentic…
Script     1.1.1                 Az.NotificationHubs                 Core,Desk {Get-AzNotificationHub, Get-AzNotificationHubAuthorizationRule, Get-AzNotificationHub…
Script     2.3.0                 Az.OperationalInsights              Core,Desk {New-AzOperationalInsightsAzureActivityLogDataSource, New-AzOperationalInsightsCustom…
Script     1.3.1                 Az.PolicyInsights                   Core,Desk {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSummary, Get-AzPolicyRemediat…
Script     1.1.2                 Az.PowerBIEmbedded                  Core,Desk {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollection, Get-AzPowerBI…
Script     1.0.3                 Az.PrivateDns                       Core,Desk {Get-AzPrivateDnsZone, Remove-AzPrivateDnsZone, Set-AzPrivateDnsZone, New-AzPrivateDn…
Script     2.12.1                Az.RecoveryServices                 Core,Desk {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServicesVault, Get-AzRecoverySer…
Script     1.2.1                 Az.RedisCache                       Core,Desk {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheScheduleEntry, Get-AzRedisCachePat…
Script     1.0.3                 Az.Relay                            Core,Desk {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNamespace, Remove-AzRelayName…
Script     2.5.1                 Az.Resources                        Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzRoleAssignment, New-AzRoleAs…
Script     1.4.1                 Az.ServiceBus                       Core,Desk {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set-AzServiceBusNamespace, Rem…
Script     2.2.0                 Az.ServiceFabric                    Core,Desk {Add-AzServiceFabricClientCertificate, Add-AzServiceFabricClusterCertificate, Add-AzS…
Script     1.2.0                 Az.SignalR                          Core,Desk {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSignalRKey…}
Script     2.10.0                Az.Sql                              Core,Desk {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDatabaseTransparentDataEncrypti…
Script     1.1.0                 Az.SqlVirtualMachine                Core,Desk {New-AzSqlVM, Get-AzSqlVM, Update-AzSqlVM, Remove-AzSqlVM…}
Script     2.6.0                 Az.Storage                          Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStorageAccount, New-AzStorageAc…
Script     1.3.0                 Az.StorageSync                      Core,Desk {Invoke-AzStorageSyncCompatibilityCheck, New-AzStorageSyncService, Get-AzStorageSyncS…
Script     1.0.1                 Az.StreamAnalytics                  Core,Desk {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefaultFunctionDefinition, New-A…
Script     1.0.0                 Az.Support                          Core,Desk {Get-AzSupportService, Get-AzSupportProblemClassification, Get-AzSupportTicket, Get-A…
Script     1.0.4                 Az.TrafficManager                   Core,Desk {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTrafficManagerCustomHeaderFromE…
Script     1.11.0                Az.Websites                         Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServicePlan, Remove-AzAppServic…

    Directory: /opt/microsoft/powershell/7/Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Manifest   1.2.5                 Microsoft.PowerShell.Archive        Desk      {Compress-Archive, Expand-Archive}
Manifest   7.0.0.0               Microsoft.PowerShell.Host           Core      {Start-Transcript, Stop-Transcript}
Manifest   7.0.0.0               Microsoft.PowerShell.Management     Core      {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path…}
Manifest   7.0.0.0               Microsoft.PowerShell.Security       Core      {Get-Credential, Get-ExecutionPolicy, Set-ExecutionPolicy, ConvertFrom-SecureString…}
Manifest   7.0.0.0               Microsoft.PowerShell.Utility        Core      {Export-Alias, Get-Alias, Import-Alias, New-Alias…}
Script     1.4.7                 PackageManagement                   Desk      {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource…}
Script     2.2.4.1               PowerShellGet                       Desk      {Find-Command, Find-DSCResource, Find-Module, Find-RoleCapability…}
Script     2.0.5                 PSDesiredStateConfiguration         Core      {Configuration, New-DscChecksum, Get-DscResource, Invoke-DscResource}
Script     2.0.2                 PSReadLine                          Desk      {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHandler, Get…
Binary     2.0.3                 ThreadJob                           Desk      Start-ThreadJob

Debug output

WARNING: Context autosave is not supported in current environment and has been disabled temporarily.
WARNING: Persistence check failed. Inspect inner exception for details
DEBUG: Sought all Az modules and got latest version 4.7.0
DEBUG: 4:24:13 PM - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'.
DEBUG: 4:24:13 PM - Autosave setting from startup session: 'Process'
DEBUG: 4:24:13 PM - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 4:24:13 PM - Using Autosave scope 'Process'
DEBUG: [InteractiveUserAuthenticator] Creating IPublicClientApplication - ClientId: '1950a258-227b-4e31-a9cf-717495945fc2', Authority: 'https://login.microsoftonline.com/organizations', ReplyUrl: 'http://localhost:8400' UseAdfs: 'False'
DEBUG: [InteractiveUserAuthenticator] Calling AcquireTokenInteractive - Scopes: 'https://management.core.windows.net//.default'
DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:13 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) MSAL MSAL.CoreCLR with assembly version '4.10.0.0'. CorrelationId(048ca88a-8de3-43d3-9376-79d4fcfbde90)
DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:13 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: True

DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:13 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0)
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -

DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:13 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) === Token Acquisition (InteractiveRequest) started:

        Authority Host: login.microsoftonline.com
DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:13 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) Fetching instance discovery from the network from host login.microsoftonline.com
DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:14 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) Resolving authority endpoints... Already resolved? - FALSE
DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:14 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) Using CustomWebUi to acquire the authorization code
DEBUG: [MSAL] Info: (False) MSAL 4.10.0.0 MSAL.CoreCLR N/A [09/24/2020 16:24:14 - 048ca88a-8de3-43d3-9376-79d4fcfbde90] (UnknownClient: 0.0.0.0) Calling CustomWebUi.AcquireAuthorizationCode
DEBUG: [CustomWebUi] Starting AcquireAuthorizationCodeAsync - AuthorizationUri: 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile&response_type=code&client_id=1950a258-227b-4e31-a9cf-717495945fc2&redirect_uri=http%3A%2F%2Flocalhost%3A8400&client-request-id=048ca88a-8de3-43d3-9376-79d4fcfbde90&x-client-SKU=MSAL.CoreCLR&x-client-Ver=4.10.0.0&prompt=select_account&code_challenge=dMLoV8ikBqsGurBwyoQPIvrJuNL07O7eR3Xh8QCJ23s&code_challenge_method=S256&state=e7755eae-f9a7-4b94-a51c-45ef482ad3df1d1c69a0-15a4-4af8-86a0-1436d4aa3ddb', RedirectUri: 'http://localhost:8400/'
WARNING: Attempting to launch a browser for authorization code login.
WARNING: Unable to launch a browser for authorization code login. Reverting to device code login.
WARNING: We have launched a browser for you to log in. For the old experience with device code flow, please run 'Connect-AzAccount -UseDeviceAuthentication'.

Error output

N/A Container hangs after runnting Connect-AzAccount. 

[dcaro]

Thanks @J0F3 for reporting this. @VeryEarly, @erich-wang we might want to consider the default behavior in the container with Az.Accounts 2.0 - Also seems related to #13029

[isra-fel]

Thanks for reporting. We'll fix this in the stable release of Az.Accounts. Closing the issue as duplicate of #13029