Azure-sdk-for-python: msrest.exceptions.AuthenticationError: , InvalidClientIdError: (invalid_request) AADSTS90013: Invalid input received from the user.

Created on 16 Nov 2017  路  9Comments  路  Source: Azure/azure-sdk-for-python

Hi Team,

My name is George from China Azure support team. The question details and reproduce steps are as bellow. Please confirm if it's a bug? Any suggestions?

Details:

If azure account password contains string like "<[a-zA-Z]", some samples as bellow:
" " ....
we can reproduce the issue.

Env:

Python: 3.6.2 | 2.7.13
azure-common (1.1.8)
oauthlib (2.0.2)
requests (2.18.3)
requests-oauthlib (0.8.0)

Code:

from azure import *
from azure.common.credentials import UserPassCredentials
from msrest.serialization import *

pwd = 'DEV@!321> credentials = UserPassCredentials(
"[email protected]",
pwd,
china=True
)
print 'auth sucess'

Error:

Traceback (most recent call last):
File "D:\workspace\python\pys\auth_operation.py", line 13, in
china=True
File "C:\Python27\lib\site-packages\msrestazure\azure_active_directory.py", line 348, in __init__
self.set_token()
File "C:\Python27\lib\site-packages\msrestazure\azure_active_directory.py", line 384, in set_token
raise_with_traceback(AuthenticationError, "", err)
File "C:\Python27\lib\site-packages\msrest\exceptions.py", line 50, in raise_with_traceback
raise error
msrest.exceptions.AuthenticationError: , InvalidClientIdError: (invalid_request) AADSTS90013: Invalid input received from the user.
Trace ID: cb726b0c-400f-452e-8e74-48e74a920300
Correlation ID: adbc49fc-58fe-4f4e-aa2b-1e49b7049d7f
Timestamp: 2017-11-16 07:04:41Z

ARM Service Attention bug
Source
picture hello-azure

All 9 comments

Hi @hello-azure
Did you reproduce this issue on public Azure? I don't have a China subscription :/

Could you try ADAL, and let me know if it's better:
https://github.com/AzureAD/azure-activedirectory-library-for-python

Just try to get a token using ADAL (not necessary to do an SDK call).

lmazuel picture lmazuel on 16 Nov 2017

@lmazuel Actually, I'm the customer who met this issue. And I have reproduced this issue on public Azure.

It gives exactly the same error when I was using a public Azure subscription.

Sraw picture Sraw on 17 Nov 2017

Hi lmazuel,
As the issue is easy to reproduce, customer also tested public azure, so could you check it?

hello-azure picture hello-azure on 21 Nov 2017

Same issue here. Any updated on this?

pmarques picture pmarques on 14 Jan 2018

Is this issue too difficult for even the top software company to solve?

Sraw picture Sraw on 15 Jan 2018

Hi @Sraw
This is not a problem of difficulty, but of time and priority. If you have time to help, note that I kindly asked if someone could test with ADAL. This would be valuable information :)
Thanks,

lmazuel picture lmazuel on 16 Jan 2018

I confirm this works correctly with ADAL. Until I found time to investigate this code, suggested workaround is to use AdalAuthentication wrapper:
https://docs.microsoft.com/python/azure/python-sdk-azure-authenticate

lmazuel picture lmazuel on 16 Jan 2018

Narrowed this down to requests-oauthlib issue:

from oauthlib.oauth2 import LegacyApplicationClient
from requests_oauthlib import OAuth2Session
oauth = OAuth2Session(client=LegacyApplicationClient(client_id="04b07795-8ddb-461a-bbee-02f9e1bf7b46"))
token = oauth.fetch_token(token_url="https://login.microsoftonline.com:443/common/oauth2/token", username=username, password=pwd, client_id="04b07795-8ddb-461a-bbee-02f9e1bf7b46")

# Raise InvalidClientIdError: (invalid_request) AADSTS90013: Invalid input received from the user.

At this point, could be a bug in oauthlib or requests_oauthlib.

Since UserPassCredentials is considered deprecated (see doc), please update your code:

credentials = UserPassCredentials(
    "[email protected]",
    pwd,
    china=True
)

to this:

    import adal
    from msrestazure.azure_active_directory import AdalAuthentication
    from msrestazure.azure_cloud import AZURE_CHINA_CLOUD

    # Use legacy client_id
    CLIENT = '04b07795-8ddb-461a-bbee-02f9e1bf7b46'

    LOGIN_ENDPOINT = AZURE_CHINA_CLOUD.endpoints.active_directory
    RESOURCE = AZURE_CHINA_CLOUD.endpoints.active_directory_resource_id

    context = adal.AuthenticationContext(LOGIN_ENDPOINT + '/common')
    credentials = AdalAuthentication(
        context.acquire_token_with_username_password,
        RESOURCE,
        "[email protected]",
        pwd,
        CLIENT
    )
lmazuel picture lmazuel on 16 Jan 2018
👍1

@lmazuel Thanks for your efforts.

Sraw picture Sraw on 17 Jan 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

christonog picture christonog  路  4Comments
ntzhong picture ntzhong  路  3Comments
ghost picture ghost  路  4Comments
raviteja59 picture raviteja59  路  3Comments
stawo picture stawo  路  3Comments