azure-cli: Getting token from Cloud Shell intermittently fails with 400 Client Error: Bad Request
I’m getting following when I’m running following command :
ARM_CLIENT_SECRET=$(az ad sp create-for-rbac
–name http://tf-sp-$UNIQUE_ID
–role Contributor
–scopes “/subscriptions/$ARM_SUBSCRIPTION_ID”
–query password
–output tsv)
Please note that I’ve stored ARM Subscription ID successfully and ran above command as part of creating Service Principal.
This is autogenerated. Please review and update as needed.
Describe the bug
Command Name
az ad sp create-for-rbac
Errors:
400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
Traceback (most recent call last):
python3.6/site-packages/knack/cli.py, ln 206, in invoke
cmd_result = self.invocation.execute(args)
cli/core/commands/__init__.py, ln 608, in execute
raise ex
cli/core/commands/__init__.py, ln 666, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
...
python3.6/site-packages/msrestazure/azure_active_directory.py, ln 486, in get_msi_token
result.raise_for_status()
python3.6/site-packages/requests/models.py, ln 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
To Reproduce:
Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
- Put any pre-requisite steps here…
az ad sp create-for-rbac --name {} --role {} --scopes {} --query {} --output {}
Expected Behavior
Environment Summary
Linux-4.15.0-1064-azure-x86_64-with-debian-stretch-sid
Python 3.6.5
Shell: bash
azure-cli 2.0.78
Additional Context
About this issue
- Original URL
- State: open
- Created 4 years ago
- Reactions: 1
- Comments: 24 (10 by maintainers)
400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token
is a known issue of Cloud Shell that it intermittently fails with this error.Workarounds
There are 2 workarounds:
az login
and retry the command@maertendMSFT any update for this issue ? There are a bunch of customers are impacted by this.
Running
az login
isn’t an acceptable workaround. MSI login allows for elevated commands like “az ad app” which will be blocked otherwise.@jiasli this is still happening and hurt AKS user experience, please prioritize and fix this issue.
This worked for me. Thanks.
@sherdana, your message is corrupted. Also, you are not on Cloud Shell, but Windows machine. Please create a new issue with detailed information and error message.
I get the same error using Windows 11 - Windows Terminal, click on the drop-down to get to an Azure Cli instance. Following the device login page I’m able to work other commands but not the below: