azure-sdk-for-python: ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
- Package Name: azure.identity
- Package Version: 1.12.0
- Operating System: Windows
- Python Version: 3.7.12
Describe the bug I load ml_client as below, from config.json in local folder.
credential = DefaultAzureCredential()
ml_client = MLClient(credential, subscription_id, resource_group, workspace_name)
I get below error when ml_client trys to get the token internally. Its collecting stale token from cache.
File "C:\go\setup\anaconda\envs\e2e_test\lib\site-packages\azure\identity\_credentials\chained.py", line 108, in get_token
raise ClientAuthenticationError(message=message)
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
Visit https://aka.ms/azsdk/python/identity/environmentcredential/troubleshoot to troubleshoot.this issue.
ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.
SharedTokenCacheCredential: Azure Active Directory error '(invalid_grant) AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2023-02-09T17:58:24.8491242Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2023-02-18T15:27:11.0000000Z'.
Trace ID: 6849addd-100a-497e-887e-c2bc6f5c0300
Correlation ID: a1dc633f-0908-4613-8248-ad10ee704be8
Timestamp: 2023-02-21 09:34:07Z'
Content: {"error":"invalid_grant","error_description":"AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2023-02-09T17:58:24.8491242Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2023-02-18T15:27:11.0000000Z'.\r\nTrace ID: 6849addd-100a-497e-887e-c2bc6f5c0300\r\nCorrelation ID: a1dc633f-0908-4613-8248-ad10ee704be8\r\nTimestamp: 2023-02-21 09:34:07Z","error_codes":[50173],"timestamp":"2023-02-21 09:34:07Z","trace_id":"6849addd-100a-497e-887e-c2bc6f5c0300","correlation_id":"a1dc633f-0908-4613-8248-ad10ee704be8","error_uri":"https://login.microsoftonline.com/error?code=50173"}
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
- I am able to authenticate using InteractiveBrowserCredential()
- I am able to authenticate using cliI don’t remember changing password recently
- I tried, to do az upgrade, az login, clear cache in .azure folder under C://Users/<alias>; but DefaultAzureCredential() didn’t work. It was still taking stale token.
I was able to resolve above issue by manually deleting msal.cache , msalV2.cache files under .IdentityService folder, under os.environ[“LOCALAPPDATA”]
About this issue
- Original URL
- State: closed
- Created a year ago
- Comments: 21 (7 by maintainers)
It looks to me that you have logged in using Visual Studio and the token has expired.
Can you try
to see if it works?
Issue has been solved by adding managed identity. You can close the issue. Thanks for the help.