Skip to content

az account get-access-token --resource https://cognitiveservices.azure.com <Response 400> from Cloud shell #29057

New issue
New issue
Open
Open
az account get-access-token --resource https://cognitiveservices.azure.com <Response 400> from Cloud shell#29057
Assignees
zhoxing-ms
Labels
ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAuto-AssignAuto assign by botService AttentionThis issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog
@daisygithuba

Description

@daisygithuba
daisygithuba
opened on May 30, 2024

Describe the bug

when run "az account get-access-token --resource https://cognitiveservices.azure.com" to get access token will receive error:
az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

command is executed from Azure portal - Cloud shell, user should be automatically signed in.
az account get-access-token --resource https://management.azure.com would work without any issue.

Related command

az account get-access-token --resource https://cognitiveservices.azure.com

Errors

az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

Issue script & Debug output

cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f745c04fdc0>, <function CLIQuery.handle_query_parameter at 0x7f745bfe63a0>, <function register_ids_argument..parse_ids_arguments at 0x7f745b408280>]
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 400 133
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://cognitiveservices.azure.com'}
msrestazure.azure_active_directory: MSI: Failed to retrieve a token from 'http://localhost:50342/oauth2/token' with an error of '400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token'. This could be caused by the MSI extension not yet fully provisioned.
cli.azure.cli.core.auth.adal_authentication: throw requests.exceptions.HTTPError when doing MSIAuthentication:
Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 75, in set_token
super().set_token()
File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 598, in set_token
self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 486, in get_msi_token
result.raise_for_status()
File "/usr/lib64/az/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 75, in set_token
super().set_token()
File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 598, in set_token
self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 486, in get_msi_token
result.raise_for_status()
File "/usr/lib64/az/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 87, in set_token
.format(err.response.status, err.response.reason))
AttributeError: 'Response' object has no attribute 'status'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 664, in execute
raise ex
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 701, in _run_job
result = cmd_copy(params)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 334, in call
return self.handler(*args, **kwargs)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/profile/custom.py", line 78, in get_access_token
creds, subscription, tenant = profile.get_raw_token(subscription=subscription, resource=resource, scopes=scopes,
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/_profile.py", line 401, in get_raw_token
msi_creds = MsiAccountTypes.msi_auth_factory(MsiAccountTypes.system_assigned, identity_id,
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/_profile.py", line 734, in msi_auth_factory
return MSIAuthenticationWrapper(resource=resource)
File "/usr/lib64/az/lib/python3.9/site-packages/msrestazure/azure_active_directory.py", line 592, in init
self.set_token()
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/auth/adal_authentication.py", line 89, in set_token
raise AzureResponseError('Failed to connect to MSI. Please make sure MSI is configured correctly.\n'
azure.cli.core.azclierror.AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

cli.azure.cli.core.azclierror: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>
az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f745b496a60>]

Expected behavior

return token without the need of login again

Environment Summary

azure-cli 2.61.0

core 2.61.0
telemetry 1.1.0

Extensions:
ai-examples 0.2.5
ml 2.26.0
ssh 2.0.3

Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1

Additional context

No response

Metadata

Metadata

Assignees

Labels

ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAuto-AssignAuto assign by botService AttentionThis issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions