MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Tutorial does not work with Azure.Identity v. 1.3.0 - only v 1.2.2 #68006

Closed perkops closed 3 years ago

perkops commented 3 years ago

In the tutorial, we are asked to reference the following two packages (latest version).

Azure.DigitalTwins.Core. This is the package for the Azure Digital Twins SDK for .NET.
Azure.Identity. This library provides tools to help with authentication against Azure.

The tutorial works when using v. 1.2.2 of the Azure.Identity NuGet package.

However, when using the latest version of Azure.Identity, v. 1.3.0, the code does not work; it throws the error below:

Unhandled exception. Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS70002: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
Trace ID: 5544d935-2370-405e-9275-ec0ac0a62900
Correlation ID: acca20b4-816b-486d-ae94-46a1439bfc8d
Timestamp: 2020-12-22 09:07:26Z
 ---> MSAL.NetCore.4.22.0.0.MsalServiceException:
    ErrorCode: invalid_client
Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS70002: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
Trace ID: 5544d935-2370-405e-9275-ec0ac0a62900
Correlation ID: acca20b4-816b-486d-ae94-46a1439bfc8d
Timestamp: 2020-12-22 09:07:26Z
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.GetTokenAsync(Uri endPoint, RequestContext requestContext, Boolean addCommonHeaders)
   at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint)
   at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint)
   at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(String tokenEndpoint, IDictionary2 additionalBodyParameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.CacheSilentStrategy.RefreshAccessTokenAsync(MsalRefreshTokenCacheItem msalRefreshTokenItem, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.CacheSilentStrategy.TryGetTokenUsingFociAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.CacheSilentStrategy.RefreshRtOrFailAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.CacheSilentStrategy.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.CacheSilentStrategy.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenSilentParameters silentParameters, CancellationToken cancellationToken)
   at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.ExecuteAsync[T](AbstractAcquireTokenParameterBuilder`1 builder, Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.MsalPublicClient.AcquireTokenSilentAsync(String[] scopes, IAccount account, Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
StatusCode: 401
ResponseBody: {"error":"invalid_client","error_description":"AADSTS70002: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.\r\nTrace ID: 5544d935-2370-405e-9275-ec0ac0a62900\r\nCorrelation ID: acca20b4-816b-486d-ae94-46a1439bfc8d\r\nTimestamp: 2020-12-22 09:07:26Z","error_codes":[70002],"timestamp":"2020-12-22 09:07:26Z","trace_id":"5544d935-2370-405e-9275-ec0ac0a62900","correlation_id":"acca20b4-816b-486d-ae94-46a1439bfc8d","error_uri":"https://login.microsoftonline.com/error?code=70002"}
Headers:
Cache-Control: no-store, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: acca20b4-816b-486d-ae94-46a1439bfc8d
x-ms-request-id: 5544d935-2370-405e-9275-ec0ac0a62900
x-ms-ests-server: 2.1.11328.13 - DUB2 ProdSlices
x-ms-clitelem: 1,70002,0,1546621.8255,
Set-Cookie: fpc=xxxx; expires=Thu, 21-Jan-2021 09:07:26 GMT; path=/; secure; HttpOnly; SameSite=None,x-ms-gateway-slice=prod; path=/; secure; samesite=none; httponly,stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 22 Dec 2020 09:07:25 GMT

   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
   at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.SharedTokenCacheCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(TokenCredential[] sources, TokenRequestContext requestContext, Boolean async, CancellationToken cancellationToken)
   at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
   at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetHeaderValueFromCredentialAsync(HttpMessage message, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetHeaderValueAsync(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory1 pipeline, Boolean async)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory1 pipeline)
   at Azure.DigitalTwins.Core.DigitalTwinModelsRestClient.AddAsync(IEnumerable1 models, CreateModelsOptions digitalTwinModelsAddOptions, CancellationToken cancellationToken)
   at Azure.DigitalTwins.Core.DigitalTwinsClient.CreateModelsAsync(IEnumerable1 dtdlModels, CancellationToken cancellationToken)
   at DigitalTwinsCodeTutorial.Program.Main(String[] args)



asergaz commented 3 years ago

@perkops Thank you so much for reporting this issue. We are checking internally whether there is a hard dependency on version 1.2.x of the Azure.Identity NuGet package. We will update the doc if this is expected (adding a note) or, if this tutorial should work with version 1.3.0, fix the issue.

FYI @baanders

danhellem commented 3 years ago

@perkops I am not able to reproduce the issue. It is working fine when following the sample and creating a new client. Any chance you can send me a URL to your repo so we can double-check with you?

string adtInstanceUrl = "https://<digital twins instance>";

var credential = new DefaultAzureCredential();
DigitalTwinsClient client = new DigitalTwinsClient(new Uri(adtInstanceUrl), credential);
Console.WriteLine($"Service client created – ready to go");

asergaz commented 3 years ago

Hello @perkops, let us know if you are still facing the issue.

I will close the issue for now. If you can still reproduce the issue or there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

perkops commented 3 years ago

Hi @asergaz and @danhellem,

It's not in the creation of the ServiceClient that the code fails; it is further down in the example:

using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Azure;
using Azure.DigitalTwins.Core;
using Azure.Identity;

class Program
{
    public static async Task Main(string[] args)
    {
        string adtInstanceUrl = "https://XXXXXXX.api.weu.digitaltwins.azure.net";
        // DefaultAzureCredential tries several credential sources in turn
        var credential = new DefaultAzureCredential();
        DigitalTwinsClient client = new DigitalTwinsClient(new Uri(adtInstanceUrl), credential);
        Console.WriteLine($"Service client created – ready to go");

        Console.WriteLine();
        Console.WriteLine($"Upload a model");
        var typeList = new List<string>();
        string dtdl = await File.ReadAllTextAsync("SampleModel.json");
        typeList.Add(dtdl);

        // Upload the model to the service
        try
        {
            await client.CreateModelsAsync(typeList);  // This call fails with v. 1.3.0, but works with v. 1.2.2
        }
        catch (RequestFailedException rex)
        {
            Console.WriteLine($"Load model: {rex.Status}:{rex.Message}");
        }
    }
}

perkops commented 3 years ago

Just for reference - the SampleModel.json

{
  "@id": "dtmi:example:SampleModel;1",
  "@type": "Interface",
  "displayName": "SampleModel",
  "contents": [
    {
      "@type": "Relationship",
      "name": "contains"
    },
    {
      "@type": "Property",
      "name": "data",
      "schema": "string"
    }
  ],
  "@context": "dtmi:dtdl:context;2"
}

danhellem commented 3 years ago

@perkops give me a day or two, I will test out the full example then and see what happens. Stand by.

danhellem commented 3 years ago

@perkops I am able to reproduce 😢. We will have someone from engineering take a look and find out what is going on. Thanks for bringing it to our attention 👏.

baanders commented 3 years ago

In the meantime, I am adding a known issue for this to the documentation via PR #141997.

baanders commented 3 years ago

As the documentation has now been updated to capture this as a known issue, I'm going to close this documentation issue thread.

Meanwhile, we're working with our engineering team to investigate the source of the issue and see how best to resolve. I'll follow up on this thread when more information becomes available, and to notify of any subsequent docs updates describing the fix. Thank you!

please-close

baanders commented 3 years ago

Back with an update! (Hi @perkops)

Engineering was able to run the code without issue, and suggests this may be a configuration issue with Azure.Identity, rather than something applicable to all of Azure Digital Twins that is broken or misconfigured.

If downgrading to an earlier version of Azure.Identity is working for you, this has no functional impact to Azure Digital Twins and thus is currently a fine solution!

Another possible action that may resolve the issue is to exclude SharedTokenCacheCredential, as described in this DefaultAzureCredential issue that is currently open against Azure.Identity. This workaround may be another possible solution while the identity team works on the related underlying fix.

I'll be editing the known issue documentation to reflect this in PR #142211.
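
The workaround mentioned in the last comment, excluding SharedTokenCacheCredential from the DefaultAzureCredential chain, written out as an added example (not code from the thread or from the tutorial). The ADT_INSTANCE_URL environment variable is an assumed name; the console listener from Azure.Core only logs which credential in the chain is attempted.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Azure;
using Azure.Core.Diagnostics;
using Azure.DigitalTwins.Core;
using Azure.Identity;

class Program
{
    static async Task Main()
    {
        // Assumed variable name; holds https://<instance host name>
        string adtInstanceUrl = Environment.GetEnvironmentVariable("ADT_INSTANCE_URL")
            ?? throw new InvalidOperationException("Set ADT_INSTANCE_URL first.");

        // Write Azure SDK events to the console so the credential that
        // is tried (and the one that fails) is visible in the output.
        using AzureEventSourceListener listener =
            AzureEventSourceListener.CreateConsoleLogger();

        // Skip SharedTokenCacheCredential, the link in the chain that
        // throws AADSTS70002 in the trace above; the other sources
        // (environment, managed identity, developer tools) still apply.
        var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            ExcludeSharedTokenCacheCredential = true
        });
        var client = new DigitalTwinsClient(new Uri(adtInstanceUrl), credential);

        string dtdl = await File.ReadAllTextAsync("SampleModel.json");
        try
        {
            await client.CreateModelsAsync(new List<string> { dtdl });
            Console.WriteLine("Model uploaded");
        }
        catch (AuthenticationFailedException ex)
        {
            // Token acquisition failed; this is not a RequestFailedException,
            // which is why the tutorial's catch block never sees it.
            Console.WriteLine($"Authentication failed: {ex.Message}");
        }
        catch (RequestFailedException ex)
        {
            Console.WriteLine($"Load model: {ex.Status}:{ex.Message}");
        }
    }
}
```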