Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

az login with interactive login via browser fails with AADSTS900144: The request body must contain the following parameter: 'client_id'. #29364

Open
rtgeha opened this issue Jul 11, 2024 · 6 comments
Open

az login with interactive login via browser fails with AADSTS900144: The request body must contain the following parameter: 'client_id'. #29364

rtgeha opened this issue Jul 11, 2024 · 6 comments
Assignees
@jiasli
Labels
Account az login/account Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog

Comments

@rtgeha
Copy link

rtgeha commented Jul 11, 2024

Describe the bug

az login fails when trying to use "login in web browser"

Related command

az login

Errors

AADSTS900144: The request body must contain the following parameter: 'client_id'.

Issue script & Debug output

The error message is in the browser, I have to cancel the login process of the CLI, since I cannot successfully login

Expected behavior

Successful login, after opening the browser window where I am already authenticated

Environment Summary

azure-cli 2.62.0

core 2.62.0
telemetry 1.1.0

Extensions:
account 0.2.5

Dependencies:
msal 1.28.1
azure-mgmt-resource 23.1.1

OS: current ubuntu lts

Additional context

No response
@rtgeha rtgeha added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Jul 11, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot Account az login/account labels Jul 11, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Azure CLI Team The command of the issue is owned by Azure CLI team label Jul 11, 2024
@yonzhan
Copy link
Collaborator

yonzhan commented Jul 11, 2024

Thank you for opening this issue, we will look into it.

@microsoft-github-policy-service microsoft-github-policy-service bot added the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Jul 11, 2024
@yonzhan yonzhan added this to the Backlog milestone Jul 11, 2024
@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Jul 11, 2024
@jiasli
Copy link
Member

jiasli commented Jul 12, 2024

Could you please share the URL that was opened in the browser?

@rtgeha
Copy link
Author

rtgeha commented Jul 12, 2024

The URL was similar to "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx/oauth2/v2.0/authorize".

I have replaced the part of the URL that is the the OrganizationID of my EntraID tenant

@jiasli
Copy link
Member

jiasli commented Jul 15, 2024

Please kindly share the full URL with the query parameter. There is no sensitive information in it. You only need to redact the tenant ID if you want.

It should look like https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A45769&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile&state=HcETyWBovKIzUwDF&code_challenge=102IM0ww-Z981klrvhDZ_Be8VuqyykccxQY7GFtSKgg&code_challenge_method=S256&nonce=d18aed471850b825c8671081dfa1c5092a8417667cea84887eb1c4bbf663f056&client_info=1&claims=%7B%22access_token%22%3A+%7B%22xms_cc%22%3A+%7B%22values%22%3A+%5B%22CP1%22%5D%7D%7D%7D&prompt=select_account

@jiasli
Copy link
Member

jiasli commented Jul 15, 2024

Does the URL contain a client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46 query parameter? The URL should should look like https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&...

The browser will be automatically opened. You shouldn't click on the URL in the warning message:

image

Otherwise, the browser will show AADSTS900144 error:

image

Also, which version of Ubuntu are you using? Are you using WSL?

@rtgeha
Copy link
Author

rtgeha commented Jul 15, 2024

I am using Ubuntu 22.04.4 LTS on WSL.

Since the browser is not successfully opened by az login, it would be great if the URL in the warning message would still work as in previous versions of the Azure CLI. You also need to consider use cases where people just use SSH to connect to a server or systems where no desktop system is installed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
Account az login/account Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@jiasli @yonzhan @rtgeha