Git 2.46 and Azure CLI 2.64 Authentication issue

[Mikester1000]

Hello,

I have been running Git Bash on Windows 2.46 and earlier with Azure CLI 2.3x; all was working well with authentication to Azure (az login) with MFA.

I recently upgraded my Azure CLI to 2.64 and as of 2.61 Microsoft added a new prompt when they see multiple subscription IDs, the first prompt is to choose the subscription ID and then it launches the browser window for authentication.

What happens though in my Git Bash shell is that nothing happens, no option to choose subscription is presented and no browser window pops up for authentication.

Is anyone else experiencing this?

I am able to work around the issue by performing an az login --use device-code and manually head over to microsoft.com/devicelogin and enter the device code that is produced by the login command which then kicks off the MFA piece to complete the login.

I did try exporting the AZURE_SUBSCRIPTION_ID variable with the subscription ID however that did not help.

Environment specifics: Windows 10 version 10.0.19045.4780 (22H2) 64-bit

Git 2.46

$ git --version --build-options git version 2.46.0.windows.1 cpu: x86_64 built from commit: 2e6a859ffc0471f60f79c1256f766042b0d5d17d sizeof-long: 4 sizeof-size_t: 8 shell-path: D:/git-sdk-64-build-installers/usr/bin/sh feature: fsmonitor--daemon libcurl: 8.9.0 OpenSSL: OpenSSL 3.2.2 4 Jun 2024 zlib: 1.3.1

Azure CLI 2.64

$ az --version azure-cli 2.64.0

core 2.64.0 telemetry 1.1.0

Dependencies: msal 1.30.0 azure-mgmt-resource 23.1.1

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe' Extensions directory 'C:\Users\.azure\cliextensions'

Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Just wondering if I need to change something to get the regular login working again or if this is a new issue. Thank you for your time.

Regards,

Mike.

[rimrul]

So to clarify, you're running az login (with some set of arguments) in Git Bash and don't see any output from that command?

It should now prompt on the CLI before opening the browser, correct?

Does it work if you run winpty az login (plus some arguments)?

[Mikester1000]

So to clarify, you're running az login (with some set of arguments) in Git Bash and don't see any output from that command?

It should now prompt on the CLI before opening the browser, correct?

Does it work if you run winpty az login (plus some arguments)?

Thank you for the quick response, I am not using any arguments when I do an 'az login'; it's more of an interactive login so that I can access Azure services using the CLI.

Here's the actual output:

$ az login WARNING: Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136

What I should see after the warning is a list of my subscriptions and the option to choose the one I want, however it just returns to the shell prompt and that's the end of it.

As for winpty, I don't have that set up so I get an error that az is not in the path. Where do I set that so I can try it out?

Regards,

Mike.

[dscho]

As for winpty, I don't have that set up so I get an error that az is not in the path.

winpty is distributed with Git for Windows.

The error you are seeing is most likely this:

$ winpty az
winpty: error: cannot start 'az': Not found in PATH

For future reference, it is always a good idea to err on being more verbose and paste exact invocations and error messages than to mention in passing that there was some error. The added round-trip time can easily be avoided.

Let's look for az:

$ cmd //c "where az"
C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az
C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd

Aha! az is not actually an executable, it is a Unix shell script. So this invocation works (using Bash's built-in automatic search along the PATH):

$ winpty sh az version
{
  "azure-cli": "2.64.0",
  "azure-cli-core": "2.64.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {
    "account": "0.2.5",
    "interactive": "0.5.3"
  }
}

Another way that also works is to use the Batch script instead (which might be preferable, as it is "more native" to Windows and will avoid the start-up cost of Bash's POSIX emulation layer, i.e. of the MSYS2 runtime):

$ winpty az.cmd version
{
  "azure-cli": "2.64.0",
  "azure-cli-core": "2.64.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {
    "account": "0.2.5",
    "interactive": "0.5.3"
  }
}

Another alternative (which will become the default soon, and at that stage this type of problem should go away) is to use the Pseudo Console support of the MSYS2 runtime. Try this, for example:

MSYS=enable_pcon az interactive

[Mikester1000]

You are correct in the error I get when attempting to run winpty. I also get slightly different output than you show.

$ winpty sh az version { "azure-cli": "2.64.0", "azure-cli-core": "2.64.0", "azure-cli-telemetry": "1.1.0", "extensions": {} }

no extensions whereas you show 2. And for the second one, it appears to fail:

$ winpty sh az.cmd version /c/Program Files/Microsoft SDKs/Azure/CLI2/wbin/az.cmd: line 1: ::: command not found /c/Program Files/Microsoft SDKs/Azure/CLI2/wbin/az.cmd: line 2: ::: command not found /c/Program Files/Microsoft SDKs/Azure/CLI2/wbin/az.cmd: az.cmd: line 3: syntax error near unexpected token (' /c/Program Files/Microsoft SDKs/Azure/CLI2/wbin/az.cmd: az.cmd: line 3::: Copyright (C) Microsoft Corporation. All Rights Reserved .'

Which is interesting given az.cmd is in the path it shows. Here's the contents:

:: :: Microsoft Azure CLI - Windows Installer - Author file components script :: Copyright (C) Microsoft Corporation. All Rights Reserved. ::

@IF EXIST "%~dp0..\python.exe" ( SET AZ_INSTALLER=MSI "%~dp0..\python.exe" -IBm azure.cli %* ) ELSE ( echo Failed to load python executable. exit /b 1 )

As for MSYS2, I'll wait until it is officially a release, still in preview.

Regards,

Mike.

[dscho]

And for the second one, it appears to fail:

$ winpty sh az.cmd version
/c/Program Files/Microsoft SDKs/Azure/CLI2/wbin/az.cmd: line 1: ::: command not found

The major difference is that I did not call the Batch script with sh 😄: winpty sh az.cmd version

[Mikester1000]

I ran the command without the 'sh' and here's the output:

$ winpty az.cmd version
{
  "azure-cli": "2.64.0",
  "azure-cli-core": "2.64.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {
    "interactive": "0.5.3"
  }
}

I then did :

$ winpty az.cmd login

and it then popped up the browser window for creds and when I selected the appropriate credential it prompted for the subscription so it is working.

I'm just confused as to why this changed? Is this now a requirement that I run winpty rather than just az login? Again, this used to work.

Regards,

Mike.

[dscho]

I do not know what exactly changed. Maybe the Azure CLI used to not interact with the user on the Console? In any case, the upcoming Git for Windows v2.47 release (which is scheduled on Oct 7) should fix this. To make sure, I encourage you to test with the -rc versions (-rc0 is scheduled on Sep 26, i.e. Thursday next week).

[Mikester1000]

No worries and thank you again for all the guidance on this. With the current workarounds working, I am comfortable to wait and see what the next version(s) of Git for Windows will bring.

Regards,

Mike.