freddydk
commented
3 days ago This is a bug - will investigate how we can renew the ID_TOKEN (ClientAssertion) from deep inside.
Open florian-d opened 3 days ago
freddydk
commented
3 days ago This is a bug - will investigate how we can renew the ID_TOKEN (ClientAssertion) from deep inside.
AL-Go version
6.0
Describe the issue
TLDR; Deploying to SaaS Environment fails after 60 minutes with 401 (Unauthorized).
We are using federated credentials (S2S Auth). AL-Go gets an Access Token successfully. Apps are getting deployed.
But: If deployment takes longer then 60 Minutes, pipeline fails with 401 (Unauthorized). Result: First half of our apps are deployed successfully. 2nd half is missing. So far I understood Access Tokens need to be refreshed every 59:59 Minutes. Maybe AL-Go does not refresh Access Tokens after they get invalid?
I can retry the deployment. AL-GO only deploys the missing apps. => I need two pipeline runs to deploy all apps.
Expected behavior
If deployment takes > 60 Minutes, Access Tokens are refreshed.
Steps to reproduce
Create a repository with multiple apps, in one single project. Deployment needs to take more then 60 Minutes. Try to deploy. After 60 minutes passed by, any upcoming app can't be deployed due to Unauthorized Error.
Additional context (logs, screenshots, etc.)
<AppName 1>.app - Setting execute permissions on altool upgrading.... InProgress....................................... Completed <AppName 2>.app - Setting execute permissions on altool upgrading.... InProgress........................... Completed <AppName 3>.app - Setting execute permissions on altool upgrading....Attempting authentication to https://api.businesscentral.dynamics.com/.default using clientCredentials... Response status code does not indicate success: 401 (Unauthorized). invalid_client AADSTS700024: Client assertion is not within its valid time range. Current time: 2024-11-12T09:50:56.9053107Z, assertion valid from 2024-11-12T08:55:31.0000000Z, expiry time of assertion 2024-11-12T09:00:31.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 5343a495-cd62-4fbe-bf65-f63e51850c00 Correlation ID: b425fe09-28b3-4bcf-9058-d0a8cbd2ae35 Timestamp: 2024-11-12 09:50:56Z Response status code does not indicate success: 401 (Unauthorized).
Authentication failed
Error: The property 'AccessToken' cannot be found on this object. Verify that the property exists.. Retrying in 60 seconds
Error: BcAuthContext should be a HashTable created by New-BcAuthContext.. Retrying in 120 seconds
Error: BcAuthContext should be a HashTable created by New-BcAuthContext.. Retrying in 240 seconds