[@microsoft/vscode-azext-azureauth] AzureSubscription.credential.getToken() returns an error with '.default' scope #1538

Closed
shsuman opened this issue Jul 20, 2023 · 5 comments · Fixed by #1540
@shsuman
Member

shsuman commented Jul 20, 2023

When calling

AzureSubscription.credential.getToken('.default')

or

AzureSubscription.credential.getToken(['.default'])

I am getting this error:
You are not signed in to an Azure account. Please sign in.

However, this doesn't happen if you pass an empty array [] inside the getToken function.

@bwateratmsft
Contributor

The error source is here so that indicates that getSession returned nothing. Need to investigate why.

@bwateratmsft
Contributor

bwateratmsft commented Jul 20, 2023

@shsuman can you share the logs from the Microsoft Authentication output window? Please redact any sensitive info.

@alexweininger
Member

@shsuman can you share the logs from the Microsoft Authentication output window? Please redact any sensitive info.

You may need to set the log level for Microsoft Authentication to debug or trace. You can do so via the "Developer: Set Log Level..." command. Choose "Microsoft Authentication" and select Debug or Trace.

@shsuman
Member Author

shsuman commented Jul 21, 2023

@bwateratmsft @alexweininger Below are the logs with PII redacted:

2023-07-21 12:23:30.341 [info] Getting sessions for the following scopes: VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:30.342 [info] Got 1 sessions for scopes: VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:30.342 [info] Token available from cache (for scopes VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile), expires in 4027574 milliseconds
2023-07-21 12:23:36.494 [info] Getting sessions for the following scopes: VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:36.494 [info] Got 1 sessions for scopes: VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:36.494 [info] Token available from cache (for scopes VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile), expires in 4021421 milliseconds
2023-07-21 12:23:40.324 [info] Getting sessions for the following scopes: email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.324 [info] Got 1 sessions for scopes: email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.324 [info] Token available from cache (for scopes email https://management.azure.com/.default offline_access openid profile), expires in 4604440 milliseconds
2023-07-21 12:23:40.335 [info] Getting sessions for the following scopes: email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.335 [info] Got 1 sessions for scopes: email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.335 [info] Token available from cache (for scopes email https://management.azure.com/.default offline_access openid profile), expires in 4604429 milliseconds
2023-07-21 12:23:40.374 [info] Getting sessions for the following scopes: email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.374 [info] Got 1 sessions for scopes: email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.374 [info] Token available from cache (for scopes email https://management.azure.com/.default offline_access openid profile), expires in 4604391 milliseconds
2023-07-21 12:23:40.999 [info] Getting sessions for the following scopes: VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.999 [info] Got 1 sessions for scopes: VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:40.999 [info] Token available from cache (for scopes VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile), expires in 4016917 milliseconds
2023-07-21 12:23:42.536 [info] Getting sessions for the following scopes: .default VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:42.536 [trace] No session found with idtoken scopes... Using fallback scope list of: .default VSCODE_TENANT:******************************** https://management.azure.com/.default
2023-07-21 12:23:42.536 [info] Refreshing token for scopes: .default VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile
2023-07-21 12:23:42.878 [error] Refreshing token failed (for scopes: .default VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile): {"error":"invalid_scope","error_description":"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope .default email https://management.azure.com/.default offline_access openid profile is not valid. static scope limit exceeded.\r\nTrace ID: 20b01053-4a72-426b-8669-a9e86fb40c00\r\nCorrelation ID: 46ea6f9b-e731-445e-b449-16f39087a53f\r\nTimestamp: 2023-07-21 06:53:43Z","error_codes":[70011],"timestamp":"2023-07-21 06:53:43Z","trace_id":"20b01053-4a72-426b-8669-a9e86fb40c00","correlation_id":"46ea6f9b-e731-445e-b449-16f39087a53f"}
2023-07-21 12:23:42.878 [error] Attempted to get a new session for scopes '.default VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile' using the existing session with scopes 'email offline_access openid profile' but it failed due to: {"error":"invalid_scope","error_description":"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope .default email https://management.azure.com/.default offline_access openid profile is not valid. static scope limit exceeded.\r\nTrace ID: 20b01053-4a72-426b-8669-a9e86fb40c00\r\nCorrelation ID: 46ea6f9b-e731-445e-b449-16f39087a53f\r\nTimestamp: 2023-07-21 06:53:43Z","error_codes":[70011],"timestamp":"2023-07-21 06:53:43Z","trace_id":"20b01053-4a72-426b-8669-a9e86fb40c00","correlation_id":"46ea6f9b-e731-445e-b449-16f39087a53f"}
2023-07-21 12:23:42.878 [info] Got 0 sessions for scopes: .default VSCODE_TENANT:******************************** email https://management.azure.com/.default offline_access openid profile

@bwateratmsft
Contributor

bwateratmsft commented Jul 21, 2023

Thanks @shsuman, this is helpful. It looks like .default was not getting converted into https://management.azure.com/.default, which is included by default. This should be an easy fix--just need to ignore .default, since <mgmtUrl>/.default is always included.
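
The scope handling discussed in this thread, as an added TypeScript example (not code from vscode-azext-azureauth): it models the merge that produced the rejected scope list in the log next to the fix proposed in the last comment, plus a pre-flight check for the conflict. The function names and the append-verbatim model of the bug are assumptions made for illustration; only the scope strings come from the thread.

```typescript
// Added illustration: names below are hypothetical, not the vscode-azext-azureauth API.
// MGMT_DEFAULT is the "<mgmtUrl>/.default" scope that the thread says is always included.
const MGMT_DEFAULT = "https://management.azure.com/.default";

function toArray(requested?: string | string[]): string[] {
  if (requested === undefined) return [];
  return Array.isArray(requested) ? requested : [requested];
}

function dedupeSorted(scopes: string[]): string[] {
  return scopes.filter((s, i) => scopes.indexOf(s) === i).sort();
}

// Assumed model of the behaviour seen in the log: caller scopes are appended
// verbatim, so a bare ".default" ends up next to the management ".default".
function buildScopesBuggy(requested?: string | string[]): string[] {
  return dedupeSorted(toArray(requested).concat(MGMT_DEFAULT));
}

// Behaviour proposed in the last comment: ignore a bare ".default" because
// the management scope is already in the list.
function buildScopesFixed(requested?: string | string[]): string[] {
  const kept = toArray(requested)
    .map((s) => s.trim())
    .filter((s) => s !== "" && s !== ".default");
  return dedupeSorted(kept.concat(MGMT_DEFAULT));
}

// Pre-flight check: more than one ".default"-style scope in one request is
// the shape the log shows rejected with AADSTS70011.
function hasConflictingDefaultScopes(scopes: string[]): boolean {
  return scopes.filter((s) => /(^|\/)\.default$/.test(s)).length > 1;
}

// Constructed inputs: the two failing calls from the report, then the working ones.
const samples: Array<string | string[] | undefined> = [".default", [".default"], [], undefined];
for (const input of samples) {
  const buggy = buildScopesBuggy(input);
  const fixed = buildScopesFixed(input);
  console.log(JSON.stringify(input), "| buggy:", buggy.join(" "),
    "| conflict:", hasConflictingDefaultScopes(buggy),
    "| fixed:", fixed.join(" "));
}
```

An empty array yields the same list under both builders, which matches the report that `getToken([])` succeeds.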
