cannot sign in to azure and terraform using az login --use-device-code #26721

Closed
BaruchiHalamish20 opened this issue Jun 21, 2023 · 3 comments
@BaruchiHalamish20

Describe the bug

Cannot sign in to Azure and Terraform using az login --use-device-code
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code LSNKHUE76 to authenticate.
....
getting code (after login):
Failed to authenticate XXX-b928838ca6a7 'Default Directory' due to error 'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'
No subscriptions found for XXX50@outlook.com.
but on the console, I'm logged in ....

Related command

use a web browser to open the page https://microsoft.com/devicelogin and enter the code LSNKHUE76 to authenticate.

Errors

cli.azure.cli.core._profile: Failed to authenticate XXX-b928838ca6a7 'Default Directory' due to error 'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'

Issue script & Debug output

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code LSNKHUE76 to authenticate.
msal.telemetry: Generate or reuse correlation_id: a53e08a8-38b2-4495-843c-c066fe82d3c6
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 200 5017
msal.token_cache: event={
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"data": {
"claims": "{"access_token": {"xms_cc": {"values": ["CP1"]}}}",
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"code": "LAQABAAEAAAD--DLA3VO7QrddgJg7WevrNzw_45wxVxXR7yvncfC5XcehegOwt9ZkdpBHH-2MD6vUobnghYfhE4Vnxoc0PuRiz-JCChyV0CeRdHAGqlXIFnVTXaFjkG8Wz8DdQ38MBmYW3MVrEiNoxh52uzrBHkaXKwWDt2o_pe94_tNSaNVxQB9mbEFr-4WjD6LWhQqhgi0gAA",
"device_code": "LAQABAAEAAAD--DLA3VO7QrddgJg7WevrNzw_45wxVxXR7yvncfC5XcehegOwt9ZkdpBHH-2MD6vUobnghYfhE4Vnxoc0PuRiz-JCChyV0CeRdHAGqlXIFnVTXaFjkG8Wz8DdQ38MBmYW3MVrEiNoxh52uzrBHkaXKwWDt2o_pe94_tNSaNVxQB9mbEFr-4WjD6LWhQqhgi0gAA"
},
"environment": "login.microsoftonline.com",
"grant_type": "urn:ietf:params:oauth:grant-type:device_code",
"params": null,
"response": {
"access_token": "",
"client_info": "eyJ1aWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMGVlMC0xMzZjMzhmOGZlZGUiLCJ1dGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIn0",
"expires_in": 3714,
"ext_expires_in": 3714,
"foci": "1",
"id_token": "
",
"refresh_token": "***",
"scope": "https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default",
"token_type": "Bearer"
},
"scope": [
"https://management.core.windows.net//user_impersonation",
"https://management.core.windows.net//.default"
],
"token_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
}
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/organizations/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{tenantid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/organizations/kerberos', 'tenant_region_scope': None, 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 8f39de4b-132f-4e3d-9b02-c12dbab6d8bb
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/tenants?api-version=2019-11-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'e29652d6-0fff-11ee-8296-f426797ee685'
cli.azure.cli.core.sdk.policies: 'CommandName': 'login'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--debug --use-device-code'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.49.0 (MSI) azsdk-python-azure-mgmt-resource/22.0.0 Python/3.10.10 (Windows-10-10.0.22621-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '
'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /tenants?api-version=2019-11-01 HTTP/1.1" 200 291
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Content-Encoding': 'gzip'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-tenant-reads': '11999'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'a43490e7-e473-4641-95ea-4e58bda5a0e3'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'a43490e7-e473-4641-95ea-4e58bda5a0e3'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'FRANCESOUTH:20230621T065112Z:a43490e7-e473-4641-95ea-4e58bda5a0e3'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Wed, 21 Jun 2023 06:51:12 GMT'
cli.azure.cli.core.sdk.policies: 'Content-Length': '291'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"id":"/tenants/bf56a616-00ed-4e23-9983-b928838ca6a7","tenantId":"bf56a616-00ed-4e23-9983-b928838ca6a7","countryCode":"IL","displayName":"Default Directory","domains":["bhalamish50outlook.onmicrosoft.com"],"tenantCategory":"Home"}]}
cli.azure.cli.core._profile: Finding subscriptions under tenant bf56a616-00ed-4e23-9983-b928838ca6a7 'Default Directory'
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/bf56a616-00ed-4e23-9983-b928838ca6a7/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.broker: [MSAL:0001] ERROR ErrorInternalImpl:134 Created an error: 5vt4a, StatusInternal::AccountNotFound, InternalEvent::None, Error Code 0, Context 'Account with id '(pii)' not found'
msal.broker: [MSAL:0001] INFO LogTelemetryData:332 Printing Telemetry for Correlation ID: bc1b8b86-d8aa-450f-bae9-c75a5e879de3
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: start_time, Value: 2023-06-21T06:51:11.000Z
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_name, Value: ReadAccountById
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: was_request_throttled, Value: false
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: request_duration, Value: 0
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: authority_type, Value: Unknown
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: msal_version, Value: 1.1.0+local
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: correlation_id, Value: bc1b8b86-d8aa-450f-bae9-c75a5e879de3
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: stop_time, Value: 2023-06-21T06:51:11.000Z
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: msalruntime_version, Value: 0.13.9
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_error_code, Value: 0
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_error_tag, Value: 5vt4a
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_status_code, Value: StatusInternal::AccountNotFound
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_error_context, Value: Account with id '(pii)' not found
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: all_error_tags, Value: 5vt4a
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: is_successful, Value: false
cli.azure.cli.core._profile: Failed to authenticate bf56a616-00ed-4e23-9983-b928838ca6a7 'Default Directory' due to error 'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 663, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 697, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 333, in __call__
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 139, in login
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 179, in login
knack.util.CLIError: No subscriptions found for bhalamish50@outlook.com.

cli.azure.cli.core.azclierror: No subscriptions found for bhalamish50@outlook.com.
az_command_data_logger: No subscriptions found for bhalamish50@outlook.com.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x03E3B460>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 53.510 seconds (init: 0.248, invoke: 53.262)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3271 in cache
telemetry.check: Returns Positive.
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init_.pyc C:\Users\bhala.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

az account show
will retrieve correct data

Environment Summary

PS C:\Users\bhala> az --version
azure-cli 2.49.0

core 2.49.0
telemetry 1.0.8

Extensions:
account 0.2.5

Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0

Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\bhala.azure\cliextensions'

Additional context

No response

@BaruchiHalamish20 BaruchiHalamish20 added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Jun 21, 2023
@ghost ghost added customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot ARM az resource/group/lock/tag/deployment/policy/managementapp/account management-group labels Jun 21, 2023
@ghost ghost assigned zhoxing-ms Jun 21, 2023
@yonzhan
Collaborator

yonzhan commented Jun 21, 2023

Thank you for opening this issue, we will look into it.

@ghost ghost added this to the Backlog milestone Jun 21, 2023
@ghost ghost added Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Account az login/account labels Jun 21, 2023
@ghost ghost assigned jiasli Jun 21, 2023
@TheDroker

Pinging this issue, as I am experiencing the same:
'Account with id '(pii)' not found. Status: Response_Status.Status_AccountNotFound, Error code: 0, Tag: 525678464'

@jiasli
Member

jiasli commented Jul 31, 2023

This is because you have enabled WAM, and WAM is not compatible with device code flow. This issue is tracked by MSAL repo: AzureAD/microsoft-authentication-library-for-python#563

If you are using device code flow to log in, please do not turn on WAM:

az config unset core.allow_broker
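
A triage sketch for the failure diagnosed above, added here as an example (it is not part of the thread and not Azure CLI or MSAL code): it scans `az login --debug` output for the combination the maintainer describes, a device-code grant that obtains a token while the MSAL broker (WAM) is enabled, followed by the broker's AccountNotFound. The sample log is constructed from the line shapes in this issue; `triage`, its result keys and the verdict strings are hypothetical names.

```python
import re

# Constructed sample: abridged lines in the shape of the debug output in this issue.
SAMPLE_DEBUG_LOG = """\
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 510
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 200 5017
"grant_type": "urn:ietf:params:oauth:grant-type:device_code",
msal.application: Broker enabled? True
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_name, Value: ReadAccountById
msal.broker: [MSAL:0001] INFO LogTelemetryData:340 Key: api_status_code, Value: StatusInternal::AccountNotFound
cli.azure.cli.core._profile: Failed to authenticate <tenant-id> 'Default Directory' due to error 'Account with id '(pii)' not found.'
"""

TOKEN_POST = re.compile(r'"POST \S*/oauth2/v2\.0/token HTTP/1\.1" (\d{3}) ')
BROKER_FLAG = re.compile(r"msal\.application: Broker enabled\? (True|False)")
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"
BROKER_NOT_FOUND = re.compile(r"msal\.broker: .*StatusInternal::AccountNotFound")
CONFLICT_KEYS = ("device_code_grant", "token_issued",
                 "broker_enabled", "broker_account_not_found")


def triage(log_text):
    """Summarise an `az login --debug` log and flag the broker/device-code conflict."""
    statuses = TOKEN_POST.findall(log_text)
    issued = "200" in statuses
    # 400s before the first 200 are consistent with device-flow polling
    # (RFC 8628 "authorization_pending"); they are not the failure itself.
    before_token = statuses[:statuses.index("200")] if issued else statuses
    result = {
        "device_code_grant": DEVICE_GRANT in log_text,
        "pending_polls": before_token.count("400"),
        "token_issued": issued,
        "broker_enabled": "True" in BROKER_FLAG.findall(log_text),
        "broker_account_not_found": bool(BROKER_NOT_FOUND.search(log_text)),
    }
    # The token was issued, so sign-in itself worked; the later broker lookup failed.
    conflict = all(result[key] for key in CONFLICT_KEYS)
    result["verdict"] = ("broker_device_code_conflict" if conflict
                         else "no_conflict_detected")
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_DEBUG_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["verdict"] == "broker_device_code_conflict":
        # Workaround quoted from the maintainer's reply in this thread.
        print("workaround: az config unset core.allow_broker")
```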

@yonzhan yonzhan removed the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Jul 31, 2023
@yonzhan yonzhan closed this as completed Aug 7, 2023
@yonzhan yonzhan added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that and removed bug This issue requires a change to an existing behavior in the product in order to be resolved. labels Aug 8, 2023