
ClientSecretCredential.get_token() fails in case of azurestack if we provide 'authority' URL  #22625

@Mrbm5

  • Package Name: azure-identity
  • Package Version: 1.6.1
  • Operating System: ubuntu20.04
  • Python Version: 3.8.10

Describe the bug
To authenticate the Python SDK to Azure Stack Hub we use the ClientSecretCredential method and pass the required parameters, like:

```python
ClientSecretCredential(tenant_id=tenantid, client_id=clientid, client_secret=secretkey, cloud_environment=cloud, authority=auth_resource)
```

When the user passes the authority URL 'https://management.private_domain.onmicrosoft.com/<b9ae38c5-####>' parameter explicitly, the ClientSecretCredential.get_token() method throws an error instead of a successful response.

```
ClientSecretCredential.get_token failed: Authentication failed: invalid_instance: The authority you provided, https://management.private_domain.onmicrosoft.com/<b9ae38c5-####>/<ed83b0eb-tenant_id>, is not whitelisted. If it is indeed your legit customized domain name, you can turn off this check by passing in validate_authority=False.
```

Looks like the Azure SDK is explicitly appending tenant_id to the authority URL.

**msal_credentials.py**

```python
def _create_app(self, cls, **kwargs):
    # type: (Type[msal.ClientApplication], **Any) -> msal.ClientApplication
    app = cls(
        client_id=self._client_id,
        client_credential=self._client_credential,
        # the tenant ID is appended to the authority on this line
        authority="{}/{}".format(self._authority, self._tenant_id),
        # ... (the excerpt in the issue ends here)
    )
```

Can you please provide us more information about the change and how a user can pass the authority URL?
If we don't pass 'authority URL' then it's working, but with authority URL it fails.

To Reproduce
Steps to reproduce the behavior:

  1. Try to provide the authority URL along with the other required parameters while creating ClientSecretCredential.

Expected behavior
ClientSecretCredential.get_token() should work if the user passes the authority URL.
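
An added example, not part of the original issue or the SDK's code: a pre-flight check that reproduces the `"{}/{}".format(authority, tenant_id)` composition quoted above and reports when a caller-supplied authority already carries a path, which is the condition that produces the two-segment URL in the error message. The function names, the sample host and the GUIDs are constructed for illustration, and the code assumes the credential stores the authority exactly as the caller passed it.

```python
from urllib.parse import urlsplit

# Constructed sample values (not taken from the issue).
TENANT = "11111111-2222-3333-4444-555555555555"
REPORTED = "https://management.example.invalid/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def _split(authority):
    """Parse an authority, tolerating a bare host without a scheme."""
    return urlsplit(authority if "://" in authority else "https://" + authority)


def effective_authority(authority, tenant_id):
    """Mirror the format call quoted from msal_credentials.py in the issue."""
    return "{}/{}".format(authority, tenant_id)


def authority_findings(authority, tenant_id):
    """List the reasons this authority will not compose into host/tenant."""
    findings = []
    parts = _split(authority)
    if parts.scheme != "https":
        findings.append("scheme is not https")
    segments = [s for s in parts.path.split("/") if s]
    if segments:
        findings.append(
            "authority already has path segment(s): " + "/".join(segments))
    if tenant_id in segments:
        findings.append("tenant id is already in the authority path")
    if authority.endswith("/"):
        findings.append("trailing slash would yield an empty path segment")
    if parts.query or parts.fragment:
        findings.append("authority carries a query or fragment")
    return findings


def host_only(authority):
    """Reduce an authority to scheme://host, dropping any path."""
    parts = _split(authority)
    return "{}://{}".format(parts.scheme, parts.netloc)


if __name__ == "__main__":
    for candidate in (REPORTED, host_only(REPORTED)):
        print(effective_authority(candidate, TENANT))
        print("  findings:", authority_findings(candidate, TENANT) or "none")
```

Running the check on the input before constructing the credential addresses the malformed URL itself, so MSAL's authority validation can stay on instead of being disabled with the `validate_authority=False` switch named in the error message.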

Labels: Azure.Identity, Client, customer-reported, issue-addressed, question
