Azure CLI in browser from portal results into Bad Request..

[rfcdejong]

This is autogenerated. Please review and update as needed.

Describe the bug

Using the Azure CLI on my development laptop I didn't get my visual studio to use my account owner account to access my own just created keyvault. I know what I do and had this working many times before on other subscriptions and key vaults. Now it keeps running into 400 invalid resource trying to get an access token.

When I use the CLI on Azure CLI from browser it results into this exception below.

Command Name
az account get-access-token

Errors:

400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
Traceback (most recent call last):
python3.6/site-packages/knack/cli.py, ln 206, in invoke
    cmd_result = self.invocation.execute(args)
cli/core/commands/__init__.py, ln 608, in execute
    raise ex
cli/core/commands/__init__.py, ln 666, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
...
python3.6/site-packages/msrestazure/azure_active_directory.py, ln 486, in get_msi_token
    result.raise_for_status()
python3.6/site-packages/requests/models.py, ln 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

• Put any pre-requisite steps here...
• az account get-access-token --resource {}

Expected Behavior

Environment Summary

Linux-4.15.0-1075-azure-x86_64-with-debian-stretch-sid
Python 3.6.5

azure-cli 2.2.0 *

Extensions:
azure-devops 0.17.0

Additional Context

[yonzhan]

add to S169

[rfcdejong]

Maybe it is not relavant, but I do have to have to notice that my laptop has been disconnected from one organisation which had Hybrid Azure AD to a new organisation which has no on premises AD, only Managed Identity in Azure AD. Also I'm using my FIDO2 yubikey as MFA enabled in preview for my account. Including authenticate into windows with FIDO2.

[jiasli]

Same issue as #11749

400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token is a known issue of Cloud Shell that it intermittently fails with this error.

To solve it, please use Azure CLI on a local machine or run az login in Cloud Shell and retry the command.

[rfcdejong]

Using Azure CLI on local machine was in #12803 which got resolved because I used the name of the keyvault instead of just a common resourcename which should had been used.

So this is just a followup error as you @jiasli mentioned

[jiasli]

Let's keep this issue open. We are working with Cloud Shell team to fix it.

[maertendMSFT]

This should be fixed now. I cannot repro, please close.