azure-cli: `az login --use-device-code` fails: AADSTS70020: The provided value for the input parameter 'device_code' is not valid. This device code has expired.

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name az login

Errors:

AADSTS70020: The provided value for the input parameter 'device_code' is not valid. This device code has expired.
Trace ID: a8f3578e-d4cb-44ac-91a8-64c1322d6f00
Correlation ID: ed438693-0685-4cfe-923e-b73b5cd759e5
Timestamp: 2022-05-03 08:56:46Z

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Put any pre-requisite steps here…
  • az login -t {} --use-device-code

Tried many times. Worked fine last week so I tried with 2.35.0. Same result.

Expected Behavior

Succesfull login. Or at least a device code that doesn’t expire after 1-5 seconds.

Environment Summary

Linux-5.17.5-arch1-1-x86_64-with-glibc2.35, Arch Linux
Python 3.10.4
Installer: 

azure-cli 2.36.0 and 2.35.0

Additional Context

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 4
  • Comments: 18 (6 by maintainers)

Most upvoted comments

This issue has been mitigated by AAD service team. Please retry az login --use-device-code and let us know if you can get unblocked.

+2
jiasli on May 3, 2022

No longer having issues! ✔️

+1
usrme on May 4, 2022

We are working internally with ESTS team with highest priority. We will keep you updated in this GitHub issue.

+1
jiasli on May 3, 2022

This issue affected all client tools rather than Azure CLI and needs to be fixed by AAD service.

+1
yonzhan on May 3, 2022

Judging from

x-ms-ests-server: 2.1.12651.9 - WEULR1 ProdSlices
x-ms-ests-server: 2.1.12651.9 - WEULR2 ProdSlices

This should be happening for westeurope. I will keep you updated as soon as there is any updates.

+1
jiasli on May 3, 2022

I saw an internal incident has already been opened for this issue. I will check with AAD team and let you know if there is any update.

Meanwhile, could you also run the command with -i which will show more info about the server?

$ curl -d 'client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile' https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode -i
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: e44170d4-f198-4612-bffd-864786490100
x-ms-ests-server: 2.1.12651.9 - KRSLR1 ProdSlices
X-XSS-Protection: 0
Set-Cookie: fpc=AjQrn3OX4ZpMrEh-DcSa_KN1eSrYAQAAAI4CA9oOAAAA; expires=Thu, 02-Jun-2022 11:01:34 GMT; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: esctx=AQABAAAAAAD--DLA3VO7QrddgJg7Wevrbw5Gj3oEcz48n1UFHRDjhlPUW-VM6cAuMkNDQHDdJ2YFkDzcsbGEed3xwdN4LKO06EBt22_LPpLUVKEaB-1nBIU2D2uTZL-qSKzHMgVz0WI2vqjiORS7wR4yc-e-r69jljQArnK3EMI7bExXist-PhAmtYZ4p7E4yHX6O5g_9McgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Tue, 03 May 2022 11:01:34 GMT
Content-Length: 473

{"user_code":"xxx","device_code":"xxx","verification_uri":"https://microsoft.com/devicelogin","expires_in":900,"interval":5,"message":"To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxx to authenticate."}
+1
jiasli on May 3, 2022
Read more comments on GitHub
← azure-cli: az login --identity gives errors: json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
azure-cli: az login: Failed to establish a new connection: [Errno -2] Name does not resolve →