terraform-provider-azuread: azuread v2.x auth error
I want to refer to azuread_user in data source using azuread 2.0 (Microsoft Graph). However, as soon as I use azuread 2.x, authentication (Azure CLI) doesn’t work. It did not occur before azuread 1.6 (not Microsoft Graph).
【Error】
```
│ Error: building client: unable to parse claims in access token: illegal base64 data at input byte 631
│
│   with provider["registry.terraform.io/hashicorp/azuread"],
│   on main.tf line 22, in provider "azuread":
│   22: provider "azuread" {
```
【Code】
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.75.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "=2.1.0"
    }
  }
}

### Configure the Microsoft Azure Provider
provider "azurerm" {
  subscription_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  features {}
}

provider "azuread" {
  use_msi   = false
  use_cli   = true
  tenant_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

data "azuread_domains" "example" {
  only_initial = true
}

data "azurerm_client_config" "my_conf" {}

data "azuread_user" "admins_operation" {
  object_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
```
About this issue
- State: closed
- Created 3 years ago
- Reactions: 1
- Comments: 16 (3 by maintainers)
The reason that the bug hasn’t been hit is not obvious… The likely cause is that the original reporter and I are from the same Asian country where texts in the language spoken are often encoded as UTF-8 to bytes with their MSBs being set. This might, with a higher probability, result in base64 encoded strings containing symbols. Actually, for my case, the base64 error occurred right before the place my family name in kanji that is contained in the claim occurs.
Whew! I modified `auth/claims.go` so that the right decoder is applied as follows and it finally worked:

I’m gonna send a patch to hamilton shortly.
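The failure mode discussed in the comments above, as an added Go example (not the commenter's patch and not hamilton's code): JWT segments are base64url without padding (RFC 7515), so a payload whose bytes produce the 6-bit value 62 or 63 contains `-` or `_`, which a standard-alphabet decoder rejects. The token, the claim value 小林 and the choice of `base64.RawStdEncoding` as the mismatched decoder are constructed assumptions.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// sampleToken builds a constructed, unsigned JWT-shaped string with a single
// claim. Segments are encoded as real JWTs are: base64url, no padding.
func sampleToken(familyName string) string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"typ":"JWT","alg":"RS256"}`))
	payload, _ := json.Marshal(map[string]string{"family_name": familyName})
	return header + "." + base64.RawURLEncoding.EncodeToString(payload) + ".constructed-sig"
}

// parseClaims decodes the payload segment with the supplied base64 alphabet.
func parseClaims(token string, enc *base64.Encoding) (map[string]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	raw, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("unable to parse claims in access token: %w", err)
	}
	claims := map[string]string{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("claims are not valid JSON: %w", err)
	}
	return claims, nil
}

func main() {
	for _, name := range []string{"Kobayashi", "小林"} {
		tok := sampleToken(name)
		// Assumed mismatch: standard alphabet (+ and /) applied to base64url data.
		_, stdErr := parseClaims(tok, base64.RawStdEncoding)
		// URL-safe alphabet (- and _), the one JWT segments use.
		claims, urlErr := parseClaims(tok, base64.RawURLEncoding)
		fmt.Printf("%s payload=%s\n  std alphabet err: %v\n  url alphabet: %v err: %v\n",
			name, strings.Split(tok, ".")[1], stdErr, claims, urlErr)
	}
}
```

With the ASCII name both decoders succeed; with 小林 the UTF-8 bytes yield a `-` in the payload segment, so only the URL-safe decoder succeeds.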
This functionality has been released in v2.2.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!