Unable to login via az login --scope https://graph.microsoft.com/.default
Describe the bug
I am trying to use the "terraform apply" command on WSL.
I am facing the error message below:
Error: building account: could not acquire access token to parse claims: running Azure CLI: exit status 1: ERROR: AADSTS530003: Your device is required to be managed to access this resource. Trace ID: b13f7094-564d-484a-bf0a-7943d2188a00 Correlation ID: 6109f588-c22c-48fc-ab31-99035cbe523a Timestamp: 2023-12-19 10:57:18Z
│ To re-authenticate, please run:
│ az login --scope https://graph.microsoft.com/.default
│
│ with provider["registry.terraform.io/hashicorp/azurerm"],
│ on main.tf line 3, in provider "azurerm":
│ 3: provider "azurerm" {
│
And if I try to log in via az login --scope https://graph.microsoft.com/.default, it gives me:
`Authentication failed access_denied: $error_description. ($error_uri)
You can log an issue at Azure CLI GitHub Repository and we will assist you in resolving it.`
Related command
terraform apply
az login --scope https://graph.microsoft.com/.default
Errors
Error: building account: could not acquire access token to parse claims: running Azure CLI: exit status 1: ERROR: AADSTS530003: Your device is required to be managed to access this resource. Trace ID: b13f7094-564d-484a-bf0a-7943d2188a00 Correlation ID: 6109f588-c22c-48fc-ab31-99035cbe523a Timestamp: 2023-12-19 10:57:18Z
│ To re-authenticate, please run:
│ az login --scope https://graph.microsoft.com/.default
│
│ with provider["registry.terraform.io/hashicorp/azurerm"],
│ on main.tf line 3, in provider "azurerm":
│ 3: provider "azurerm" {
│
Issue script & Debug output
NA
Expected behavior
It should log in via az login --scope https://graph.microsoft.com/.default
Environment Summary
deepanshu_linux@Deepanshu-PC:~/fcore-fusion-core/pctt/iac/aks_arm$ az --version
azure-cli 2.39.0 *
core 2.39.0 *
telemetry 1.0.6 *
Extensions:
k8s-extension 1.4.0
customlocation 0.1.3
Dependencies:
msal 1.18.0b1
azure-mgmt-resource 21.1.0b1
Python location '/opt/az/bin/python3'
Extensions directory '/home/deepanshu_linux/.azure/cliextensions'
Python (Linux) 3.10.5 (main, Jul 29 2022, 03:26:59) [GCC 9.4.0]
Legal docs and information: aka.ms/AzureCliLegal
You have 3 updates available. Consider updating your CLI installation with 'az upgrade'
Please let us know how we are doing: https://aka.ms/azureclihats
and let us know if you're interested in trying out our newest features: https://aka.ms/CLIUXstudy
deepanshu_linux@Deepanshu-PC:~/fcore-fusion-core/pctt/iac/aks_arm$
Additional context
No response
Hi @deepanshusingh93,
2.39.0 is not the latest Azure CLI (2.55.0).
If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.
Thank you for opening this issue, we will look into it.
Still facing the same issue
deepanshu_linux@Deepanshu-PC:~/fcore-fusion-core/pctt/iac/aks_arm$ terraform apply
╷
│ Error: building account: could not acquire access token to parse claims: running Azure CLI: exit status 1: ERROR: AADSTS530003: Your device is required to be managed to access this resource. Trace ID: 80a6c68a-4bb5-4a2c-8051-60e6c1e45200 Correlation ID: ea82286c-d234-4fa2-b716-892f790b881d Timestamp: 2023-12-19 11:27:14Z
│ Interactive authentication is needed. Please run:
│ az login --scope https://graph.microsoft.com/.default
│
│ with provider["registry.terraform.io/hashicorp/azurerm"],
│ on main.tf line 3, in provider "azurerm":
│ 3: provider "azurerm" {
│
╵
deepanshu_linux@Deepanshu-PC:~/fcore-fusion-core/pctt/iac/aks_arm$
deepanshu_linux@Deepanshu-PC:~/fcore-fusion-core/pctt/iac/aks_arm$
deepanshu_linux@Deepanshu-PC:~/fcore-fusion-core/pctt/iac/aks_arm$ az login --scope https://graph.microsoft.com/.default
A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with az login --use-device-code.
gio: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A41079&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default+offline_access+openid+profile&state=YIvrBujiJhEANtyo&code_challenge=mvevGgLiY4KaM2Fxgx9XtCLkvVbM3BinipSlgVyfXgQ&code_challenge_method=S256&nonce=ad96bd626b9b83216e4a34c7b20bf2d0d4ef2f16ed646a58e516de85b6882033&client_info=1&claims=%7B%22access_token%22%3A+%7B%22xms_cc%22%3A+%7B%22values%22%3A+%5B%22CP1%22%5D%7D%7D%7D&prompt=select_account: Operation not supported
This workaround works for me: https://github.com/Azure/azure-cli/issues/27879#issuecomment-1835743397
Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!