A lot of error logs about AcquireTokenSilentSupplier

[chenrujun]

Plugin name and version

Name: com.microsoft.azure:azure-spring-apps-maven-plugin Version:1.16.0

Plugin configuration in your pom.xml

Nothing

Expected behavior

Expect the command run successfully:

./mvnw com.microsoft.azure:azure-spring-apps-maven-plugin:1.16.0:config

Actual behavior

Above command prints a log of error log like this:

$ ./mvnw com.microsoft.azure:azure-spring-apps-maven-plugin:1.16.0:config
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building boot-for-azure 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- azure-spring-apps-maven-plugin:1.16.0:config (default-cli) @ demo ---
[ERROR] ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, Network is unreachable: no further information.
ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, Network is unreachable: no further information.
[ERROR] Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Managed Identity authentication is not available.
[ERROR] Failed to acquire a new access token.
[INFO] Auth type: OAUTH2
[INFO] Azure Identity => getToken() result for scopes [https://management.core.windows.net//.default]: SUCCESS
[INFO] {"az.sdk.message":"Retry attempts have been exhausted.","tryCount":0}
[INFO] Returning token from cache
[INFO] Azure Identity => getToken() result for scopes [https://management.core.windows.net//.default]: SUCCESS
[INFO] {"az.sdk.message":"Retry attempts have been exhausted.","tryCount":0}
[INFO] Returning token from cache
[INFO] Azure Identity => getToken() result for scopes [https://management.core.windows.net//.default]: SUCCESS
[INFO] {"az.sdk.message":"Retry attempts have been exhausted.","tryCount":0}
[INFO] Returning token from cache
[INFO] Azure Identity => getToken() result for scopes [https://management.core.windows.net//.default]: SUCCESS
[INFO] {"az.sdk.message":"Retry attempts have been exhausted.","tryCount":0}
[ERROR] [Correlation ID: 4f3196a2-55fd-4556-9697-6e6634fea22c] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.
Trace ID: 3928edeb-c6ee-445b-aea6-a107280d1000
Correlation ID: 4f3196a2-55fd-4556-9697-6e6634fea22c
Timestamp: 2023-04-07 07:45:36Z
        at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:39)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:103)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:34)
        at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:129)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63)
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:61)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
[ERROR] Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] Failed to acquire a new access token.
[ERROR] {"az.sdk.message":"Retry attempts have been exhausted.","exception":"Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.","tryCount":0}
[WARNING] default to NULL OperationContext, because operation or its action operation is null:null
[WARNING] Cannot get subscriptions for tenant 05dc5dcd-fbe5-41cd-b6ec-0f43889b0a59 , please verify you have proper permissions over this tenant, detailed error: Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] [Correlation ID: 5c236655-a9db-4ddc-96c6-95216aa25c33] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.
Trace ID: 3928edeb-c6ee-445b-aea6-a107280d1000
Correlation ID: 4f3196a2-55fd-4556-9697-6e6634fea22c
Timestamp: 2023-04-07 07:45:36Z
        at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:39)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:103)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:34)
        at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:129)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63)
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:61)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
[ERROR] Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] Failed to acquire a new access token.
[ERROR] {"az.sdk.message":"Retry attempts have been exhausted.","exception":"Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.","tryCount":0}
[WARNING] default to NULL OperationContext, because operation or its action operation is null:null
[WARNING] Cannot get subscriptions for tenant 9feb2a89-53c9-4246-91aa-a3eed58be833 , please verify you have proper permissions over this tenant, detailed error: Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] [Correlation ID: a2218a9d-d516-4305-aa27-a386cf3c6bd2] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.
Trace ID: 3928edeb-c6ee-445b-aea6-a107280d1000
Correlation ID: 4f3196a2-55fd-4556-9697-6e6634fea22c
Timestamp: 2023-04-07 07:45:36Z
        at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:39)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:103)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:34)
        at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:129)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63)
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:61)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
[ERROR] Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] Failed to acquire a new access token.
[ERROR] {"az.sdk.message":"Retry attempts have been exhausted.","exception":"Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.","tryCount":0}
[WARNING] default to NULL OperationContext, because operation or its action operation is null:null
[WARNING] Cannot get subscriptions for tenant a67d36a8-67e3-42fd-8137-905286da6e97 , please verify you have proper permissions over this tenant, detailed error: Interactive authentication is needed to acquire token. Call Authenticate to initiate the device code authentication.
[ERROR] [Correlation ID: 15c79f3c-73e2-4615-80c3-8e4d46b3ff55] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '797f4846-ba00-4fd7-ba43-dac1f8f63013'.
Trace ID: 3928edeb-c6ee-445b-aea6-a107280d1000
Correlation ID: 4f3196a2-55fd-4556-9697-6e6634fea22c
Timestamp: 2023-04-07 07:45:36Z
        at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:39)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:103)
        at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:34)
        at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:129)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63)
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:61)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
        at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760)
        at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
        at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
        at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
        at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
        at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)

... // Omit a lot of similar logs.

Steps to reproduce the problem

Just run this command in my machine:

./mvnw com.microsoft.azure:azure-spring-apps-maven-plugin:1.16.0:config

[wangmingliang-ms]

This kind of error happens when some of your tenants requires MFA. they are logged by msal4j: https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/dev/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java#L98