Azure / azure-sdk-for-go

This repository is for active development of the Azure SDK for Go. For consumers of the SDK we recommend visiting our public developer docs at:
https://docs.microsoft.com/azure/developer/go/

Graph Client suffixing v2.0 to the tenantID #23723

Closed hazcod closed 22 hours ago

hazcod commented 1 day ago

Re-post from https://github.com/microsoftgraph/msgraph-sdk-go/issues/800

Describe the bug

An odd one, but when I call the following, 'v2.0' is suffixed to my tenantID:

FATA[0007] failed to get existing az devices             error="failed to retrieve managed devices: ClientSecretCredential authentication failed. \nGET https://login.microsoftonline.com/xxx-xxx-498f-b7a8-3a9b533bb4b2v2.0/.well-known/openid-configuration\n--------------------------------------------------------------------------------\nRESPONSE 400: 400 Bad Request\n--------------------------------------------------------------------------------\n{\n  \"error\": \"invalid_tenant\",\n  \"error_description\": \"AADSTS90002: Tenant 'xxx-xxx-498f-b7a8-3a9b533bb4b2v2.0' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. Trace ID: 54ff98ce-381d-40a3-8ad5-ecebfc602800 Correlation ID: 40af2ef1-7d3b-426c-9bac-86f2ed499fba Timestamp: 2024-11-06 15:14:50Z\",\n  \"error_codes\": [\n    90002\n  ],\n  \"timestamp\": \"2024-11-06 15:14:50Z\",\n  \"trace_id\": \"54ff98ce-381d-40a3-8ad5-ecebfc602800\",\n  \"correlation_id\": \"40af2ef1-7d3b-426c-9bac-86f2ed499fba\",\n  \"error_uri\": \"https://login.microsoftonline.com/error?code=90002\"\n}\n--------------------------------------------------------------------------------\nTo troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#client-secret"

My code:

package azure

import (
    "context"
    "fmt"
    "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
    msGraph "github.com/microsoftgraph/msgraph-sdk-go"
    "github.com/microsoftgraph/msgraph-sdk-go/devicemanagement"
    "github.com/sirupsen/logrus"
)

type Azure struct {
    logger      *logrus.Logger
    graphClient *msGraph.GraphServiceClient
}

func New(logger *logrus.Logger, tenantID, clientID, clientSecret string) (*Azure, error) {
    if logger == nil {
        logger = logrus.New()
    }

    if tenantID == "" || clientID == "" || clientSecret == "" {
        return nil, fmt.Errorf("azure: tenant id and client id and client secret are required")
    }

    azCreds, err := azidentity.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
    if err != nil {
        return nil, fmt.Errorf("could not authenticate to Azure: %v", err)
    }

    graphClient, err := msGraph.NewGraphServiceClientWithCredentials(azCreds, []string{"https://graph.microsoft.com/.default"})
    if err != nil {
        return nil, fmt.Errorf("could not create Azure client: %v", err)
    }

    _, err = graphClient.DeviceManagement().ManagedDevices().Get(context.Background(), &devicemanagement.ManagedDevicesRequestBuilderGetRequestConfiguration{
        QueryParameters: &devicemanagement.ManagedDevicesRequestBuilderGetQueryParameters{
            Select: []string{"id", "azureADDeviceId", "operatingSystem", "complianceState", "serialNumber"},
        },
    })
    if err != nil {
        return nil, fmt.Errorf("failed to retrieve managed devices: %v", err)
    }

    return &Azure{
        logger:      logger,
        graphClient: graphClient,
    }, nil
}

Expected behavior

Auth working.

How to reproduce

Run the code above.

SDK Version

v1.51.0

Latest version known to work for scenario above?

not sure

Known Workarounds

No response

Other information

No response

jhendrixMSFT commented 1 day ago

This was a regression in MSAL. I believe updating to the latest version should resolve the issue (see https://github.com/Azure/azure-sdk-for-go/issues/23699 for more info).

cc @chlowell

github-actions[bot] commented 1 day ago

Hi @hazcod. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

hazcod commented 22 hours ago

Can confirm this fixed it!
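
An added example, not part of the thread and not code from the SDK or MSAL: a small Go triage helper that pulls the request URL out of an azidentity error text like the one quoted above and tells whether the tenant path segment has "v2.0" fused onto it (the library-side symptom reported here) or simply differs from the configured tenant. The names `Diagnose` and `ValidTenantID`, the verdict strings and the sample tenant GUID are assumptions made for illustration; `ValidTenantID` assumes the tenant is configured as a GUID rather than a domain name.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

var (
	// Request line as it appears in the error text quoted in the issue.
	reqRe = regexp.MustCompile(`GET (https://\S+)`)
	// Tenant ID in GUID form (8-4-4-4-12 hex digits).
	guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)
)

// Diagnose classifies the first path segment of the authority URL found in
// errText against the tenant the caller configured. Verdicts (hypothetical):
// "ok", "fused-v2.0" (the symptom in this issue), "wrong-tenant", "no-url".
func Diagnose(errText, configuredTenant string) string {
	m := reqRe.FindStringSubmatch(errText)
	if m == nil {
		return "no-url"
	}
	u, err := url.Parse(m[1])
	if err != nil {
		return "no-url"
	}
	seg := strings.SplitN(strings.TrimPrefix(u.Path, "/"), "/", 2)[0]
	switch {
	case strings.EqualFold(seg, configuredTenant):
		return "ok" // well-formed: /{tenant}/v2.0/...
	case strings.EqualFold(seg, configuredTenant+"v2.0"):
		return "fused-v2.0" // separator lost by the library, not a config error
	default:
		return "wrong-tenant" // segment is not the configured tenant at all
	}
}

// ValidTenantID rejects a malformed GUID before any request is made, so a
// configuration typo is not mistaken for the library regression.
func ValidTenantID(id string) bool { return guidRe.MatchString(id) }

func main() {
	const tenant = "11111111-2222-3333-4444-555555555555" // constructed sample value
	errText := "ClientSecretCredential authentication failed. \nGET https://login.microsoftonline.com/" +
		tenant + "v2.0/.well-known/openid-configuration\nRESPONSE 400: 400 Bad Request" // constructed
	fmt.Println(ValidTenantID(tenant), Diagnose(errText, tenant))
}
```

A "fused-v2.0" verdict together with a tenant ID that passes `ValidTenantID` points at the dependency rather than at the credentials, which matches the resolution in this thread.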