Skip to content

Get-AzAccessToken -ResourceUrl "https://management.azure.com/" fails when signed in using the -AccessToken parameter. #28028

Open
@shenglol

Description

@shenglol

Description

If users sign in using:

Connect-AzAccount -AccessToken

then running the following command:

Get-AzAcessToken -ResourceUrl "https//management.azure.com/"

will fail with the error:

Get-AzAccessToken: [AccessTokenAuthenticator] failed to retrieve access token for resource 'https://management.azure.com/';. Please ensure that you have provided the appropriate access tokens when using access token login.

However, Get-AzAcessToken -ResourceUrl "https//management.core.windows.net/" does work.

Also, if users authenticate using any other method (e.g., interactive, device code) without specifying -AccessToken, then both of the following succeed:

Get-AzAccessToken -ResourceUrl "https://management.azure.com/"
Get-AzAccessToken -ResourceUrl "https://management.core.windows.net/"

The issue seems to be related to #13527.

Could this be an edge case that the Connect-AzAccount cmdlet fail to handle?

Issue script & Debug output

Get-AzAccessToken -ResourceUrl "https://management.azure.com/" -Debug
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 5:13:37 PM - GetAzureRmAccessTokenCommand begin processing with ParameterSet 'ResourceUrl'.
DEBUG: 5:13:37 PM - using account id 'shenglol'...
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [Az.Accounts], Cmdlet = [Get-AzAccessToken]. Returning default value [True].
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [Az.Accounts], Cmdlet = [Get-AzAccessToken]. Returning default value [False].
Get-AzAccessToken: [AccessTokenAuthenticator] failed to retrieve access token for resource 'https://management.azure.com/';. Please ensure that you have provided the appropriate access tokens when using access token login.
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [Az.Accounts], Cmdlet = [Get-AzAccessToken]. Returning default value [True].
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:5.1.0; CommandName: Get-AzAccessToken; PSVersion: 7.5.1; IsSuccess: False; Duration: 00:00:00.0081732; SanitizeDuration: 00:00:00; Exception: [AccessTokenAuthenticator] failed to retrieve access token for resource 'https://management.azure.com/';. Please ensure that you have provided the appropriate access tokens when using access token login.;
DEBUG: 5:13:37 PM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 5:13:37 PM - GetAzureRmAccessTokenCommand end processing.

Environment data

Name                           Value
----                           -----
PSVersion                      7.5.1
PSEdition                      Core
GitCommitId                    7.5.1
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     5.1.0                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}

Error output

Get-AzAccessToken: [AccessTokenAuthenticator] failed to retrieve access token for resource 'https://management.azure.com/';. Please ensure that you have provided the appropriate access tokens when using access token login.

Metadata

Metadata

Assignees

No one assigned

    Labels

    AccountsIssues in Az.Accounts except authentication relatedAzure PS TeamSimilar-Issuefeature-requestThis issue requires a new behavior in the product in order be resolved.good first issueIssues suited for folks who want to help for the first time.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions