
[BUG] AzureCliCredential and VisualStudioCredential sometimes times-out, depending on the requested scope #14207

@tomas-pajurek

When using AzureCliCredential or VisualStudioCredential, I am not able to obtain tokens (the GetTokenAsync call times out) for some resources/scopes while other resources/scopes work well.

For the very same problematic resources/scopes, I am able to use az account get-access-token --resource xxx from PowerShell Core without any problems.

Also, the VisualStudioCodeCredential and the old AzureServiceTokenProvider work properly with Azure CLI and/or Visual Studio for all tested resources.

Examples:

  • az account get-access-token --resource "https://graph.microsoft.com" - OK
  • az account get-access-token --resource "https://{name}.azconfig.io" - OK
  • AzureServiceTokenProvider for https://graph.microsoft.com - OK
  • AzureServiceTokenProvider for https://{name}.azconfig.io - OK
  • VisualStudioCodeCredential with new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }) - OK
  • VisualStudioCodeCredential with new TokenRequestContext(new[] { "https://{name}.azconfig.io/.default" }) - OK
  • AzureCliCredential with new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }) - OK
  • AzureCliCredential with new TokenRequestContext(new[] { "https://{name}.azconfig.io/.default" }) - Does not work

The VisualStudioCredential behaves the same as AzureCliCredential.

The errors I get:

  • AzureCliCredential: Azure.Identity.AuthenticationFailedException: 'Azure CLI authentication timed out.'
  • VisualStudioCredential: Process "c:\program files (x86)\microsoft visual studio\2019\community\common7\ide\extensions\hioig1kb.nl4\TokenService\Microsoft.Asal.TokenService.exe" has failed to get access token in 30 seconds.

To Reproduce

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Microsoft.Azure.Services.AppAuthentication; // AzureServiceTokenProvider

internal class Program
{
    private static async Task Main(string[] args)
    {
        var configName = "<name>";

        var sw = new Stopwatch();

        sw.Restart();
        var token1 = await new AzureServiceTokenProvider().GetAccessTokenAsync("https://graph.microsoft.com");
        Console.WriteLine($"{sw.Elapsed}: Graph, ASTP: {token1.Substring(0, 8)}...");

        sw.Restart();
        var context2 = new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" });
        var token2 = await new VisualStudioCodeCredential().GetTokenAsync(context2, default);
        Console.WriteLine($"{sw.Elapsed}: Graph, Identity, VSCode: {token2.Token.Substring(0, 8)}...");

        sw.Restart();
        var context3 = new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" });
        var token3 = await new AzureCliCredential().GetTokenAsync(context3);
        Console.WriteLine($"{sw.Elapsed}: Graph, Identity, Azure CLI: {token3.Token.Substring(0, 8)}...");

        sw.Restart();
        var context4 = new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" });
        var token4 = await new VisualStudioCredential().GetTokenAsync(context4, default);
        Console.WriteLine($"{sw.Elapsed}: Graph, Identity, VS: {token4.Token.Substring(0, 8)}...");

        sw.Restart();
        var token5 = await new AzureServiceTokenProvider().GetAccessTokenAsync($"https://{configName}.azconfig.io");
        Console.WriteLine($"{sw.Elapsed}: AzConfig, ASTP: {token5.Substring(0, 8)}...");

        sw.Restart();
        var context6 = new TokenRequestContext(new[] { $"https://{configName}.azconfig.io/.default" });
        var token6 = await new VisualStudioCodeCredential().GetTokenAsync(context6, default);
        Console.WriteLine($"{sw.Elapsed}: AzConfig, Identity, VSCode: {token6.Token.Substring(0, 8)}...");

        //sw.Restart();
        //var context7 = new TokenRequestContext(new[] { $"https://{configName}.azconfig.io/.default" });
        //var token7 = await new AzureCliCredential().GetTokenAsync(context7);
        //Console.WriteLine($"{sw.Elapsed}: AzConfig, Identity, Azure CLI: {token7.Token.Substring(0, 8)}...");

        sw.Restart();
        var context8 = new TokenRequestContext(new[] { $"https://{configName}.azconfig.io/.default" });
        var token8 = await new VisualStudioCredential().GetTokenAsync(context8, default);
        Console.WriteLine($"{sw.Elapsed}: AzConfig, Identity, VS: {token8.Token.Substring(0, 8)}...");
    }
}
```

I get the following output:

```
00:00:23.5761005: Graph, ASTP: eyJ0eXAi...
00:00:00.9894546: Graph, Identity, VSCode: eyJ0eXAi...
00:00:00.8689938: Graph, Identity, Azure CLI: eyJ0eXAi...
00:00:02.1739707: Graph, Identity, VS: eyJ0eXAi...
00:00:23.2720664: AzConfig, ASTP: eyJ0eXAi...
00:00:00.4254892: AzConfig, Identity, VSCode: eyJ0eXAi...
xx
xx
```

The last two tokens fail to be retrieved, with the errors mentioned above.

Environment:

  • Azure.Identity 1.2.0
  • .NET Core 3.1
  • Azure CLI 2.10.1
  • Visual Studio 16.6.3
  • Microsoft Windows 10 Pro (10.0.19041)
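
A table-driven variant of the repro, as an added example that is not part of the original issue or of the Azure SDK: it catches each failure and records the elapsed time, so one credential timing out does not hide the results for the others. The `TokenProbe` and `ProbeAsync` names and the 60-second caller limit are assumptions; `<name>` is the same placeholder the report uses.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

internal static class TokenProbe // hypothetical name, not from the issue
{
    // Requests one token and reports the outcome instead of throwing, so a
    // failing credential does not stop the remaining measurements.
    private static async Task ProbeAsync(string label, TokenCredential credential, string scope, TimeSpan limit)
    {
        var sw = Stopwatch.StartNew();
        using var cts = new CancellationTokenSource(limit);
        try
        {
            AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(new[] { scope }), cts.Token);
            // Log only a short prefix and the expiry, never the whole bearer token.
            Console.WriteLine($"{sw.Elapsed} OK     {label}, {scope}: {token.Token.Substring(0, 8)}... expires {token.ExpiresOn:u}");
        }
        catch (OperationCanceledException)
        {
            Console.WriteLine($"{sw.Elapsed} CANCEL {label}, {scope}: caller limit of {limit.TotalSeconds}s reached");
        }
        catch (AuthenticationFailedException ex)
        {
            // Also covers CredentialUnavailableException, which derives from it.
            Console.WriteLine($"{sw.Elapsed} FAILED {label}, {scope}: {ex.GetType().Name}: {ex.Message}");
        }
    }

    private static async Task Main()
    {
        var configName = "<name>"; // placeholder, as in the original repro
        var scopes = new[]
        {
            "https://graph.microsoft.com/.default",
            $"https://{configName}.azconfig.io/.default",
        };
        var credentials = new (string Label, TokenCredential Credential)[]
        {
            ("VSCode", new VisualStudioCodeCredential()),
            ("Azure CLI", new AzureCliCredential()),
            ("VS", new VisualStudioCredential()),
        };
        var limit = TimeSpan.FromSeconds(60); // assumed ceiling, above the 30 s in the reported error
        foreach (var scope in scopes)
            foreach (var (label, credential) in credentials)
                await ProbeAsync(label, credential, scope, limit);
    }
}
```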
