azuredatastudio: Getting error while connecting to azure sql server. Error: Token retrival failed with an error. Open developer tools to view the error

  • Azure Data Studio Version: 1.21.0 (macos)

Steps to Reproduce:

  • Followed the approach below when I got this error: Token retrival failed with an error. Open developer tools to view the error
  1. Add connection type as Microsoft SQL Server
  2. Choose Authentication type as Azure Active Directory - Universal with MFA support
  3. Put Database name
  4. Try to connect

I remember I started getting this issue once I changed my AAD password.


About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 10
  • Comments: 40 (4 by maintainers)

Most upvoted comments

Same action and error. I was able to work around it by clearing files from C:\Users\{UserNameHere}\AppData\Roaming\azuredatastudio\Azure Accounts, then reloading the app. On first load I got a blank error notification; the second load was OK, then I could connect to the server.

If you are on Mac, the path to the folder containing the files that should be deleted is:

~/Library/Application Support/azuredatastudio/Azure Accounts

On Mac, the folder path is: ~/Library/Application Support/azuredatastudio/Azure Accounts. I closed Azure Data Studio, removed the file azureTokenCache_azure_publicCloud in this folder and restarted Azure Data Studio, and it worked again.

Hi @lluthus

There are two issues I’ve found with Azure Data Studio’s implementation of Azure AD - Universal with MFA support authentication.

Token refresh failure:

You will find that after about 2 weeks the token dies and will not refresh as you would expect. No amount of trying to open a new connection will trigger the re-auth process.

Solution: Close Azure Data Studio and delete the cached token here: C:\Users\YOUR_USERNAME\AppData\Roaming\azuredatastudio\Azure Accounts

(Note: you need to replace YOUR_USERNAME with your local user folder on Windows.)

HSTS / localhost pinned to https:

You may find that, due to development work or other applications authenticating, the ‘localhost’ domain has become pinned to HTTPS only in your default browser. When Azure Data Studio tries to reauthenticate, it opens a browser window with a localhost address over http, which redirects to the Microsoft auth page for you to log in. This fails if localhost is pinned to https only.

Solution: To resolve, load Chrome, Edge or the browser you are using and find the HSTS settings.

Example: in Chrome, paste in the address bar: chrome://net-internals/#hsts

First confirm the domain’s HSTS settings are recorded by Chrome by typing the hostname ‘localhost’ into the ‘Query HSTS/PKP domain’ section and click Query.

If the Query box returns a result, then type the same hostname ‘localhost’ into the ‘Delete domain security policies’ section and click Delete.

Now try reconnecting in Azure Data Studio.

Hope this helps save countless hours of wasted time.
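Why the pin described in the comment above breaks the sign-in redirect even when the HTTPS service ran on a different port: HSTS entries are stored per host, not per port (RFC 6797). The following is an added example, not part of the original comment or of Azure Data Studio; it is a simplified model of a browser's HSTS store, and the ports 5001 and 51234 and the /callback path are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_sts(header):
    """Parse a Strict-Transport-Security value -> (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


class HstsStore:
    """Simplified browser HSTS store; entries are keyed by host, never by port."""
    def __init__(self):
        self.policies = {}  # host -> include_subdomains (expiry timing not modelled)

    def note_response(self, url, sts_header):
        parts = urlsplit(url)
        if parts.scheme != "https":  # the header is ignored on plain http
            return
        max_age, include_sub = parse_sts(sts_header)
        if max_age == 0:  # max-age=0 removes the entry
            self.policies.pop(parts.hostname, None)
        else:
            self.policies[parts.hostname] = include_sub

    def is_pinned(self, host):
        labels = host.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels)))
        return host in self.policies or any(self.policies.get(p) for p in parents)

    def rewrite(self, url):
        """Return the URL the browser would actually load."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_pinned(parts.hostname):
            return url
        # Explicit ports are kept, except 80, which becomes the https default.
        netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()  # constructed scenario: dev server on 5001, callback on 51234
    store.note_response("https://localhost:5001/", "max-age=31536000")
    print(store.rewrite("http://localhost:51234/callback"))
```

The rewritten URL points at a listener that only speaks plain http, which is why the redirect fails until the localhost entry is deleted from the browser.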

We made a change to the Grant token refresh code in Feb that should help in some of the scenarios discussed in this issue (specifically password change or token expiration). I’m seeing a notification on startup when the password is expired (and will look into removing that). But the account is refreshing as expected in the Accounts dialog and connections are successful after updating the token. Are you still seeing this on 1.35.1 or later build?

I created a PowerShell script (compatible with Windows and macOS) to automatically close ADS, delete the file(s) in the Azure Accounts directory, then relaunch ADS:

# Set OS-specific variables
if ($IsMacOS) {
  $app = '/Applications/Azure Data Studio.app'
  $process = Get-Process | Where-Object { $_.Path -like "$app*" }
  $token_path = '~/Library/Application Support/azuredatastudio/Azure Accounts/'
} else {
  $app = 'azuredatastudio'
  # SilentlyContinue: no error if Azure Data Studio is not running
  $process = Get-Process azuredatastudio -ErrorAction SilentlyContinue
  $token_path = '~/AppData/Roaming/AzureDataStudio/Azure Accounts'
}

# Stop all running instances of Azure Data Studio (skipped if none were found)
if ($process) {
  Write-Host 'Confirm you want to stop the process(es) found...' -ForegroundColor DarkYellow
  $process | Stop-Process -Confirm
}

# Remove all files from Azure Accounts directory
Write-Host 'Confirm you want to delete the token file(s) found...' -ForegroundColor DarkYellow
Get-ChildItem $token_path | Remove-Item -Confirm


# Launch Azure Data Studio
try {
  Start-Process -FilePath $app

  Write-Host 'Done! Launching Azure Data Studio...' -ForegroundColor Cyan
}
catch {
  Write-Host 'Failed to reopen Azure Data Studio' -ForegroundColor DarkYellow
}

I’m gonna be adding it as a cmdlet to my local Azure module with the name CompensateFor-AzureDataStudioInadequacies.

I was unable to follow the workaround above (couldn’t find the specified path on mac) but found a different workaround within Azure Data Studio (v 1.34.0):

  1. Click the “Accounts” (user icon) button on the bottom left
  2. Remove the faulty account
  3. Re-add the account, either with the “add user” icon in that pane, or by editing the connection and selecting “Add an account…” in the Account drop-down

On Ubuntu, the folder path is: /home/$USER/.config/azuredatastudio/Azure Accounts