Azure-cli: Can't log in interactively with az-cli
Interactive Browser Sign-in Fails With ERR_TOO_MANY_REDIRECTS
Environment summary
Install Method
Homebrew
brew update && brew install azure-cli
CLI version (az --version)
azure-cli (2.0.21)
acr (2.0.15)
acs (2.0.19)
appservice (0.1.20)
backup (1.0.3)
batch (3.1.7)
batchai (0.1.3)
billing (0.1.6)
cdn (0.0.10)
cloud (2.0.10)
cognitiveservices (0.1.9)
command-modules-nspkg (2.0.1)
component (2.0.8)
configure (2.0.12)
consumption (0.1.6)
container (0.1.13)
core (2.0.21)
cosmosdb (0.1.15)
dla (0.0.15)
dls (0.0.18)
eventgrid (0.1.5)
extension (0.0.6)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.11)
iot (0.1.14)
keyvault (2.0.14)
lab (0.0.13)
monitor (0.0.12)
network (2.0.18)
nspkg (3.0.1)
profile (2.0.15)
rdbms (0.0.9)
redis (0.2.10)
reservations (0.1.0)
resource (2.0.18)
role (2.0.14)
servicefabric (0.0.6)
sql (2.0.15)
storage (2.0.19)
vm (2.0.18)
Python location '/usr/local/opt/python3/bin/python3.6'
Extensions directory '/Users/sakshamgupta/.azure/cliextensions'
Python (Darwin) 3.6.3 (default, Oct 4 2017, 06:09:05)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.42.1)]
Legal docs and information: aka.ms/AzureCliLegal
OS version
MacOS 10.11.6
Shell Type (e.g. bash, cmd.exe, Bash on Windows)
Bash
Here are the debug logs from az login:
Command arguments ['login']
Loading all installed modules as module with name 'login' not found.
Installed command modules ['acr', 'acs', 'appservice', 'backup', 'batch', 'batchai', 'billing', 'cdn', 'cloud', 'cognitiveservices', 'component', 'configure', 'consumption', 'container', 'cosmosdb', 'dla', 'dls', 'eventgrid', 'extension', 'feedback', 'find', 'interactive', 'iot', 'keyvault', 'lab', 'monitor', 'network', 'profile', 'rdbms', 'redis', 'reservations', 'resource', 'role', 'servicefabric', 'sql', 'storage', 'vm']
Current cloud config:
{'endpoints': {'active_directory': 'https://login.microsoftonline.com',
'active_directory_data_lake_resource_id': 'https://datalake.azure.net/',
'active_directory_graph_resource_id': 'https://graph.windows.net/',
'active_directory_resource_id': 'https://management.core.windows.net/',
'batch_resource_id': 'https://batch.core.windows.net/',
'gallery': 'https://gallery.azure.com/',
'management': 'https://management.core.windows.net/',
'resource_manager': 'https://management.azure.com/',
'sql_management': 'https://management.core.windows.net:8443/',
'vm_image_alias_doc': 'https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json'},
'is_active': True,
'name': 'AzureCloud',
'profile': 'latest',
'suffixes': {'azure_datalake_analytics_catalog_and_job_endpoint': 'azuredatalakeanalytics.net',
'azure_datalake_store_file_system_endpoint': 'azuredatalakestore.net',
'keyvault_dns': '.vault.azure.net',
'sql_server_hostname': '.database.windows.net',
'storage_endpoint': 'core.windows.net'}}
Registered application event handler 'CommandTableParams.Loaded' at <function add_id_parameters at 0x10d95e8c8>
Registered application event handler 'CommandTable.Loaded' at <function add_id_parameters at 0x10d95e8c8>
Loaded module 'acr' in 0.042 seconds.
Loaded module 'acs' in 0.005 seconds.
Registered application event handler 'CommandParser.Parsing' at <function deprecate at 0x10d979e18>
Loaded module 'appservice' in 0.005 seconds.
Loaded module 'backup' in 0.004 seconds.
Loaded module 'batch' in 0.027 seconds.
Loaded module 'batchai' in 0.006 seconds.
Loaded module 'billing' in 0.003 seconds.
Loaded module 'cdn' in 0.006 seconds.
Loaded module 'cloud' in 0.002 seconds.
Loaded module 'cognitiveservices' in 0.003 seconds.
Loaded module 'component' in 0.002 seconds.
Loaded module 'configure' in 0.002 seconds.
Loaded module 'consumption' in 0.003 seconds.
Loaded module 'container' in 0.003 seconds.
Registered application event handler 'CommandParser.Parsing' at <function deprecate at 0x10dabd9d8>
Loaded module 'cosmosdb' in 0.006 seconds.
Loaded module 'dla' in 0.004 seconds.
Loaded module 'dls' in 0.004 seconds.
Loaded module 'eventgrid' in 0.003 seconds.
Loaded module 'extension' in 0.002 seconds.
Loaded module 'feedback' in 0.018 seconds.
Loaded module 'find' in 0.015 seconds.
Loaded module 'interactive' in 0.003 seconds.
Loaded module 'iot' in 0.006 seconds.
Loaded module 'keyvault' in 0.005 seconds.
Loaded module 'lab' in 0.004 seconds.
Loaded module 'monitor' in 0.006 seconds.
Loaded module 'network' in 0.034 seconds.
Loaded module 'profile' in 0.020 seconds.
Loaded module 'rdbms' in 0.021 seconds.
Loaded module 'redis' in 0.026 seconds.
Loaded module 'reservations' in 0.005 seconds.
Loaded module 'resource' in 0.006 seconds.
Loaded module 'role' in 0.003 seconds.
Loaded module 'servicefabric' in 0.029 seconds.
Loaded module 'sql' in 0.006 seconds.
Loaded module 'storage' in 0.057 seconds.
Loaded module 'vm' in 0.016 seconds.
Loaded all modules in 0.413 seconds. (note: there's always an overhead with the first module loaded)
Extensions directory: '/Users/sakshamgupta/.azure/cliextensions'
Application event 'CommandTable.Loaded' with event data {'command_table': {'login': <azure.cli.core.commands.CliCommand object at 0x10db9f780>}}
Application event 'CommandParser.Loaded' with event data {'parser': AzCliCommandParser(prog='az', usage=None, description=None, formatter_class=<class 'argparse.HelpFormatter'>, conflict_handler='error', add_help=True)}
Application event 'CommandTableParams.Loaded' with event data {'command_table': {'login': <azure.cli.core.commands.CliCommand object at 0x10db9f780>}}
Application event 'CommandParser.Parsing' with event data {'argv': ['login']}
Application event 'CommandParser.Parsed' with event data {'command': 'login', 'args': Namespace(_command_package='login', _jmespath_query=None, _log_verbosity_debug=False, _log_verbosity_verbose=False, _output_format='json', _parser=AzCliCommandParser(prog='az login', usage=None, description='Log in to access Azure subscriptions', formatter_class=<class 'argparse.HelpFormatter'>, conflict_handler='error', add_help=True), _validators=[], allow_no_subscriptions=False, command='login', func=<azure.cli.core.commands.CliCommand object at 0x10db9f780> [...]
attempting to read file /Users/sakshamgupta/.azure/accessTokens.json as utf-8-sig
adal-python : ce7ca8b3-0344-4527-b9a9-83022d59cfb5 - Authority:Performing instance discovery: https://login.microsoftonline.com/common
adal-python : ce7ca8b3-0344-4527-b9a9-83022d59cfb5 - Authority:Performing static instance discovery
adal-python : ce7ca8b3-0344-4527-b9a9-83022d59cfb5 - Authority:Authority validated via static instance discovery
adal-python : ce7ca8b3-0344-4527-b9a9-83022d59cfb5 - CodeRequest:Getting user code info.
urllib3.connectionpool : Starting new HTTPS connection (1): login.microsoftonline.com
urllib3.connectionpool : https://login.microsoftonline.com:443 "POST /common/oauth2/devicecode?api-version=1.0 HTTP/1.1" 200 441
adal-python : ce7ca8b3-0344-4527-b9a9-83022d59cfb5 - OAuth2Client:Get Device Code Server returned this correlation_id: ce7ca8b3-0344-4527-b9a9-83022d59cfb5
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code BWRKQR23A to authenticate.
adal-python : c1e53ba3-a9f7-42aa-b1dc-9432966c7c6f - Authority:Instance discovery/validation has either already been completed or is turned off: https://login.microsoftonline.com/common
adal-python : c1e53ba3-a9f7-42aa-b1dc-9432966c7c6f - TokenRequest:Getting a token via device code
urllib3.connectionpool : Starting new HTTPS connection (1): login.microsoftonline.com
urllib3.connectionpool : https://login.microsoftonline.com:443 "POST /common/oauth2/token HTTP/1.1" 400 404
urllib3.connectionpool : Starting new HTTPS connection (1): login.microsoftonline.com
urllib3.connectionpool : https://login.microsoftonline.com:443 "POST /common/oauth2/token HTTP/1.1" 400 404
sakshamgupta1
All 8 comments
I get the same issue if I go to aka.ms/devicelogin in a private window (so I'm not already logged in). If I use a window in which I'm already signed in, I get:
We don't recognize this code, please enter the code again.View details
CorrelationId: 309af809-55c3-413b-ad41-7a2ae30abded
Timestamp: 2017-11-30 01:01:56Z
salmicrosoft
on 30 Nov 2017
@sakshamgupta1 Could not repro. Which browser are you using to go to https://aka.ms/devicelogin? Tested on Chrome, Firefox and Safari and they worked just fine.
@salmicrosoft You should try to login again as seems that the code was already used...
guidozanon
on 2 Dec 2017
@guidozanon - Doesn't work on Chrome or Safari for me and others on our team.
sakshamgupta1
on 2 Dec 2017
@guidozanon I tried multiple times
salmicrosoft
on 2 Dec 2017
Did you try cleaning browser data? This is an Azure/Browser issue and not a code bug. Can you share the redirect loop or the browser in order to check the URLs and queryparams?
guidozanon
on 2 Dec 2017
@guidozanon Here is the URL and request params:
code:BVCNTFCB4
state:rQIIAdNiNtQzsFIxMEkyMDe3NNW1SElJ0jUxM0zUTUpKTdU1MEqzTDVMSjNPMjErEuIS-PkhLvWWh5376u9Bu8XXrCxdxShZWpRnlZlakmZVnm6Vn1hakmFlBDQxPz_pAiPjC0bGW0wC_o5AUSOX1LLM5FQQcxWzSkZJSUGxlb5-bmJeYnpqbmpeiV5yflGqXnlmXkp-ebFeXmqJ_iZmtuT83Nz8vEfMosWJ2emlBSUOuZnJRfnF-Wkg5bkXWJhesfAYsFpxcHAJcEuwKTD8YGFcxAp0Zhhr1ALxzr8-sxob-CcLMTBMYGP8wMZwgJMRAA2
flowtoken:AQABAAEAAABHh4kmS_aKT5XrjzxRAtHz_yPaKr7ozQvD3LY23LdNFzBIHfQwZ5ktIGy25c1bijyC6KbSw5LCYEYK4cyibA9fxzw8vim7ZvEuDff5INffAvu0oLPmBIdHX9SnEGZlxsnuniTXpJjoc60mSOsDMPxMPc3kOuvySIpmLrJo7vFJHqn_QMnGE_zkJJkywp50fizADAbFdOGSeathGOcJ1iI2vh13-_3-sIbQfv63RUBQQ-w-tOhZNXEuwOOztlpPKuk6cq71RGGQOLeqQbPCD8DjojvGc5baHe7yyk29u1mUy96joNNzF7Ubs5qPEZll-Nl9p8JbmXrj3WQQUH4kKz_QVHiMUGKdjBeo2msIbRRUAbaNR8NMVSUo58EJAVoX3JuGHKWq7Um0mlc1hb1-R3HBiZhVWkPyTiWk9wy9yf_nuwnrPa0l7BjqUfar1bjmnfZBTZGJBGhtSXuuQaHcGm95ruMdiWLNNx0G9vJ_DQwMsZ_CSNathfNqk1jhXQ7f91OcxgAl65FY1vd2cws1emOSO9ilUCAWRzo7HWC1a2fuoaEzvxFPXaszcUw6BNJl9wTn-bvqsHFlJbSEhOS5hS_97DBm4-DVyVq5hlnMzbFXt3zVQ9XpWVod0hKsNcp_XVlODYZPv3fDEbUO6y5TS-r5a97UWd7j0FnktyO2aCDTXyAA
sakshamgupta1
on 5 Dec 2017
For people working inside Microsoft, please follow the instructions below to opt-out the insider ring.
1. Navigate to https://login.microsoftonline.com/common/insider/[email protected] (replacing YOURALIAS with your alias).
2. Clear your browser cookies in any browser you will use to sign in to AAD that you don鈥檛 want to redirect to the insider ring.
Once you complete step 2, you should no longer be redirected to the insider ring. If you want to return to the insider ring, you can navigate to https://login.microsoftonline.com/common/insider/clear, which will remove your optout.
If you still run into issues after that or not a Microsoft employee, please contact me at yugangw at microsoft dot com
yugangw-msft
on 4 Jan 2018
Closing as no new behaviors are reported, hence I assume it is the insider ring issue
yugangw-msft
on 22 Jan 2018
Related issues
rlewkowicz
路
3Comments
seanknox
路
3Comments
amarzavery
路
3Comments
williexu
路
3Comments
FumiakiNagano
路
3Comments
Most helpful comment
For people working inside Microsoft, please follow the instructions below to opt-out the insider ring.
If you still run into issues after that or not a Microsoft employee, please contact me at yugangw at microsoft dot com