cannot sign in to azure and terraform using az login --use-device-code #26721
Labels
Account
az login/account
ARM
az resource/group/lock/tag/deployment/policy/managementapp/account management-group
Auto-Assign
Auto assign by bot
Azure CLI Team
The command of the issue is owned by Azure CLI team
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
question
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Describe the bug
cannot sign in to azure and terraform using az login --use-device-code
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code LSNKHUE76 to authenticate.
....
getting code (after login):
Failed to authenticate XXX-b928838ca6a7 'Default Directory' due to error 'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'
No subscriptions found for XXX50@outlook.com.
but on the console, Im login ....
Related command
use a web browser to open the page https://microsoft.com/devicelogin and enter the code LSNKHUE76 to authenticate.
Errors
cli.azure.cli.core._profile: Failed to authenticate XXX-b928838ca6a7 'Default Directory' due to error 'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'
Issue script & Debug output
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code LSNKHUE76 to authenticate.
msal.telemetry: Generate or reuse correlation_id: a53e08a8-38b2-4495-843c-c066fe82d3c6
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 200 5017
msal.token_cache: event={
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"data": {
"claims": "{"access_token": {"xms_cc": {"values": ["CP1"]}}}",
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"code": "LAQABAAEAAAD--DLA3VO7QrddgJg7WevrNzw_45wxVxXR7yvncfC5XcehegOwt9ZkdpBHH-2MD6vUobnghYfhE4Vnxoc0PuRiz-JCChyV0CeRdHAGqlXIFnVTXaFjkG8Wz8DdQ38MBmYW3MVrEiNoxh52uzrBHkaXKwWDt2o_pe94_tNSaNVxQB9mbEFr-4WjD6LWhQqhgi0gAA",
"device_code": "LAQABAAEAAAD--DLA3VO7QrddgJg7WevrNzw_45wxVxXR7yvncfC5XcehegOwt9ZkdpBHH-2MD6vUobnghYfhE4Vnxoc0PuRiz-JCChyV0CeRdHAGqlXIFnVTXaFjkG8Wz8DdQ38MBmYW3MVrEiNoxh52uzrBHkaXKwWDt2o_pe94_tNSaNVxQB9mbEFr-4WjD6LWhQqhgi0gAA"
},
"environment": "login.microsoftonline.com",
"grant_type": "urn:ietf:params:oauth:grant-type:device_code",
"params": null,
"response": {
"access_token": "",
"client_info": "eyJ1aWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMGVlMC0xMzZjMzhmOGZlZGUiLCJ1dGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIn0",
"expires_in": 3714,
"ext_expires_in": 3714,
"foci": "1",
"id_token": "",
"refresh_token": "***",
"scope": "https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default",
"token_type": "Bearer"
},
"scope": [
"https://management.core.windows.net//user_impersonation",
"https://management.core.windows.net//.default"
],
"token_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
}
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/organizations/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{tenantid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/organizations/kerberos', 'tenant_region_scope': None, 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 8f39de4b-132f-4e3d-9b02-c12dbab6d8bb
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/tenants?api-version=2019-11-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'e29652d6-0fff-11ee-8296-f426797ee685'
cli.azure.cli.core.sdk.policies: 'CommandName': 'login'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--debug --use-device-code'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.49.0 (MSI) azsdk-python-azure-mgmt-resource/22.0.0 Python/3.10.10 (Windows-10-10.0.22621-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /tenants?api-version=2019-11-01 HTTP/1.1" 200 291
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-tenant-reads': '11999'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'a43490e7-e473-4641-95ea-4e58bda5a0e3'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'a43490e7-e473-4641-95ea-4e58bda5a0e3'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'FRANCESOUTH:20230621T065112Z:a43490e7-e473-4641-95ea-4e58bda5a0e3'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Wed, 21 Jun 2023 06:51:12 GMT'
cli.azure.cli.core.sdk.policies: 'Content-Length': '291'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"id":"/tenants/bf56a616-00ed-4e23-9983-b928838ca6a7","tenantId":"bf56a616-00ed-4e23-9983-b928838ca6a7","countryCode":"IL","displayName":"Default Directory","domains":["bhalamish50outlook.onmicrosoft.com"],"tenantCategory":"Home"}]}
cli.azure.cli.core._profile: Finding subscriptions under tenant bf56a616-00ed-4e23-9983-b928838ca6a7 'Default Directory'
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.broker: [MSAL:0001] ERROR ErrorInternalImpl:134 Created an error: 5vt4a, StatusInternal::AccountNotFound, InternalEvent::None, Error Code 0, Context 'Account with id '(pii)' not found'
msal.broker: [MSAL:0001] INFO LogTelemetryData:332 Printing Telemetry for Correlation ID: bc1b8b86-d8aa-450f-bae9-c75a5e879de3
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: start_time, Value: 2023-06-21T06:51:11.000Z
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_name, Value: ReadAccountById
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: was_request_throttled, Value: false
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: request_duration, Value: 0
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: authority_type, Value: Unknown
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: msal_version, Value: 1.1.0+local
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: correlation_id, Value: bc1b8b86-d8aa-450f-bae9-c75a5e879de3
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: stop_time, Value: 2023-06-21T06:51:11.000Z
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: msalruntime_version, Value: 0.13.9
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_error_code, Value: 0
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_error_tag, Value: 5vt4a
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_status_code, Value: StatusInternal::AccountNotFound
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_error_context, Value: Account with id '(pii)' not found
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: all_error_tags, Value: 5vt4a
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: is_successful, Value: false
cli.azure.cli.core._profile: Failed to authenticate bf56a616-00ed-4e23-9983-b928838ca6a7 'Default Directory' due to error 'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 139, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 179, in login
knack.util.CLIError: No subscriptions found for bhalamish50@outlook.com.
cli.azure.cli.core.azclierror: No subscriptions found for bhalamish50@outlook.com.
az_command_data_logger: No subscriptions found for bhalamish50@outlook.com.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x03E3B460>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 53.510 seconds (init: 0.248, invoke: 53.262)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3271 in cache
telemetry.check: Returns Positive.
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init_.pyc C:\Users\bhala.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
az account show
will retrieve correct data
Environment Summary
PS C:\Users\bhala> az --version
azure-cli 2.49.0
core 2.49.0
telemetry 1.0.8
Extensions:
account 0.2.5
Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0
Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\bhala.azure\cliextensions'
Additional context
No response
The text was updated successfully, but these errors were encountered: