Using --azure-credential with service principal to publish raises an ERROR You need to be logged in with your corporate credentials to perform this action.

[trevors20]

Hi there. I am trying out the new changes to vsce to use a federated service connection to publish to the marketplace and use the --azure-credential switch.

It looks like I am using version 2.31.0 of the vsce toolset.

I first validated using the verify-pat command that using the federated service connection is working: vsce verify-pat [publishid] --azure-credential The Personal Access Token verification succeeded for the publisher '[publishid]'.

But.... When I actually try to publish some vsix's for real, I get the following error: vsce publish --azure-credential --pre-release --packagePath package1.vsix package2.vsix package3.vsix package4.vsix

INFO Publishing '[publishid].package1 v1.0.0'... ERROR You need to be logged in with your corporate credentials to perform this action.

Does anyone have any ideas as to what is preventing me from publishing to the marketplace using an SP? Thanks much!

CC: @lszomoru

[lszomoru]

What task/version are you using to run vsce? It's interesting that verify-pat succeeds but publishing does not. Could you add the following line before calling vsce just so that we confirm that we are using the correct identity:

az rest -u https://app.vssps.visualstudio.com/_apis/profile/profiles/me --resource 499b84ac-1321-427f-aa17-267ca6975798

[trevors20]

Looks like vsce did not spit out the version. At the time, it should have been the latest version. Let me add a call to vsce to show the version that we are using as well as the call to "az rest" and respond back with the information. We might not be able to attempt his until tomorrow.

[trevors20]

@lszomoru , We finally had a release and so we tried it with the additional logging. Not sure if you are able to see this link or not but this is the output of the logs: https://devdiv.visualstudio.com/DevDiv/_build/results?buildId=10016488&view=logs&j=3c073bee-8c2e-5620-5ea2-f936c289b2ff&t=2cfe0b00-f61a-5101-2dd5-b2cfdfc8b2c7

[trevors20]

Also posting the logging here: 2024-08-08T16:23:32.8994124Z ##[section]Starting: 📦 Publish to Marketplace 2024-08-08T16:23:32.8998981Z ============================================================================== 2024-08-08T16:23:32.8999468Z Task : Azure CLI 2024-08-08T16:23:32.8999534Z Description : Run Azure CLI commands against an Azure subscription in a PowerShell Core/Shell script when running on Linux agent or PowerShell/PowerShell Core/Batch script when running on Windows agent. 2024-08-08T16:23:32.8999681Z Version : 2.242.0 2024-08-08T16:23:32.8999725Z Author : Microsoft Corporation 2024-08-08T16:23:32.8999780Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-cli 2024-08-08T16:23:32.8999885Z ============================================================================== 2024-08-08T16:23:33.1697555Z [command]/usr/bin/az --version 2024-08-08T16:23:41.5123875Z azure-cli 2.63.0 2024-08-08T16:23:41.5124585Z 2024-08-08T16:23:41.5125415Z core 2.63.0 2024-08-08T16:23:41.5125998Z telemetry 1.1.0 2024-08-08T16:23:41.5126446Z 2024-08-08T16:23:41.5127770Z Extensions: 2024-08-08T16:23:41.5128386Z azure-devops 1.0.1 2024-08-08T16:23:41.5128732Z 2024-08-08T16:23:41.5129194Z Dependencies: 2024-08-08T16:23:41.5129752Z msal 1.30.0 2024-08-08T16:23:41.5131716Z azure-mgmt-resource 23.1.1 2024-08-08T16:23:41.5132235Z 2024-08-08T16:23:41.5133079Z Python location '/opt/az/bin/python3' 2024-08-08T16:23:41.5133857Z Extensions directory '/opt/az/azcliextensions' 2024-08-08T16:23:41.5134409Z 2024-08-08T16:23:41.5135066Z Python (Linux) 3.11.8 (main, Jul 31 2024, 03:40:01) [GCC 9.4.0] 2024-08-08T16:23:41.5135540Z 2024-08-08T16:23:41.5136075Z Legal docs and information: aka.ms/AzureCliLegal 2024-08-08T16:23:41.5136411Z 2024-08-08T16:23:41.5136681Z 2024-08-08T16:23:41.5137263Z Your CLI is up-to-date. 2024-08-08T16:23:41.5139824Z Setting AZURE_CONFIG_DIR env variable to: /mnt/vss/_work/_temp/.azclitask 2024-08-08T16:23:41.5204693Z Setting active cloud to: AzureCloud 2024-08-08T16:23:41.5209046Z [command]/usr/bin/az cloud set -n AzureCloud 2024-08-08T16:24:06.7328546Z [command]/usr/bin/az login --service-principal -u --tenant 72f988bf-NNNN-NNNN-NNNN-NNNNNNNNNNNN --allow-no-subscriptions --federated-token 2024-08-08T16:24:07.6391688Z [ 2024-08-08T16:24:07.6395438Z { 2024-08-08T16:24:07.6395641Z "cloudName": "AzureCloud", 2024-08-08T16:24:07.6399061Z "homeTenantId": "72f988bf-NNNN-NNNN-NNNN-NNNNNNNNNNNN", 2024-08-08T16:24:07.6399490Z "id": "bd62906c-NNNN-NNNN-NNNN-NNNNNNNNNNNN", 2024-08-08T16:24:07.6399730Z "isDefault": true, 2024-08-08T16:24:07.6399944Z "managedByTenants": [], 2024-08-08T16:24:07.6400149Z "name": "DevDiv Key Vault", 2024-08-08T16:24:07.6400352Z "state": "Enabled", 2024-08-08T16:24:07.6400695Z "tenantId": "72f988bf-NNNN-NNNN-NNNN-NNNNNNNNNNNN", 2024-08-08T16:24:07.6400914Z "user": { 2024-08-08T16:24:07.6401326Z "name": "***", 2024-08-08T16:24:07.6401555Z "type": "servicePrincipal" 2024-08-08T16:24:07.6401746Z } 2024-08-08T16:24:07.6401887Z } 2024-08-08T16:24:07.6402035Z ] 2024-08-08T16:24:07.6406805Z [command]/usr/bin/az account set --subscription bd62906c-NNNN-NNNN-NNNN-NNNNNNNNNNNN 2024-08-08T16:24:08.0900903Z [command]/usr/bin/pwsh -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command . '/mnt/vss/_work/_temp/azureclitaskscript1723134213162.ps1' 2024-08-08T16:24:08.8160288Z 2.31.1 2024-08-08T16:24:09.6402718Z { 2024-08-08T16:24:09.6404655Z "coreRevision": 454190310, 2024-08-08T16:24:09.6406094Z "displayName": "72f988bf-NNNN-NNNN-NNNN-NNNNNNNNNNNN\c57d5b84-NNNN-NNNN-NNNN-NNNNNNNNNNNN", 2024-08-08T16:24:09.6408656Z "emailAddress": "", 2024-08-08T16:24:09.6409017Z "id": "30f63012-NNNN-NNNN-NNNN-NNNNNNNNNNNN", 2024-08-08T16:24:09.6409395Z "publicAlias": "30f63012-NNNN-NNNN-NNNN-NNNNNNNNNNNN", 2024-08-08T16:24:09.6409592Z "revision": 454190310, 2024-08-08T16:24:09.6409935Z "timeStamp": "2024-05-23T19:58:30.6866667+00:00" 2024-08-08T16:24:09.6410394Z } 2024-08-08T16:24:10.2586266Z Shipping branch: refs/heads/prerelease 2024-08-08T16:24:10.3489713Z ##[command]vsce publish --azure-credential --pre-release --packagePath csdevkit-win32-x64-1.10.4.vsix csdevkit-win32-arm64-1.10.4.vsix csdevkit-linux-x64-1.10.4.vsix csdevkit-linux-arm64-1.10.4.vsix csdevkit-darwin-x64-1.10.4.vsix csdevkit-darwin-arm64-1.10.4.vsix csdevkit-alpine-x64-1.10.4.vsix csdevkit-alpine-arm64-1.10.4.vsix 2024-08-08T16:24:11.0401831Z azure:identity:info EnvironmentCredential => Found the following environment variables: AZURE_CLIENT_ID 2024-08-08T16:24:11.0413127Z azure:core-client:warning The baseUri option for SDK Clients has been deprecated, please use endpoint instead. 2024-08-08T16:24:11.0452627Z azure:core-client:warning The baseUri option for SDK Clients has been deprecated, please use endpoint instead. 2024-08-08T16:24:11.0474781Z azure:identity:info AzureCliCredential => getToken() => Using the scope 499b84ac-1321-427f-aa17-267ca6975798/.default 2024-08-08T16:24:11.7152525Z azure:identity:info AzureCliCredential => getToken() => expires_on is available and is valid, using it 2024-08-08T16:24:11.7156893Z azure:identity:info AzureCliCredential => getToken() => SUCCESS. Scopes: 499b84ac-1321-427f-aa17-267ca6975798/.default. 2024-08-08T16:24:11.7198449Z azure:identity:info ChainedTokenCredential => getToken() => Result for AzureCliCredential: SUCCESS. Scopes: 499b84ac-1321-427f-aa17-267ca6975798/.default. 2024-08-08T16:24:11.7199024Z INFO Publishing 'ms-dotnettools.csdevkit (win32-x64) v1.10.4'... 2024-08-08T16:24:13.0572966Z ERROR You need to be logged in with your Microsoft corporate credentials to perform this action. 2024-08-08T16:24:13.1566392Z 2024-08-08T16:24:13.1685633Z ##[error]Script failed with exit code: 1 2024-08-08T16:24:13.1825732Z [command]/usr/bin/az account clear 2024-08-08T16:24:13.9408940Z ##[section]Finishing: 📦 Publish to Marketplace