Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] [MSAL] Azure-Identity: UsernamePasswordCredential.GetToken was unable to retrieve an access token (Value cannot be null. (Parameter 'tenantId')) #47584

Open
johnypony3 opened this issue Dec 16, 2024 · 17 comments
Assignees
Labels
Azure.Identity customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@johnypony3
Copy link

johnypony3 commented Dec 16, 2024

Library name and version

Azure.Identity 1.13.1

Describe the bug

Starting at 1.11.0 the code below does not work. If I downgrade to one version lower, 1.10.4 this code works without issue.

using Azure.Core.Diagnostics;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Compute;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Storage;

const string AZ_CLIENT_ID = "";
const string AZ_LOGIN_TENANT = "adfs";
const string AZ_PASS = "";
const string AZ_USER = "";
const string DEFAULT_TCP_RESOURCE_GROUP = "";
const string NAME = "";
const string SERIAL = "";

string LOGIN_ENDPOINT = $"https://login.{SERIAL}.microsoftdatabox.com";
string MANAGEMENT_ENDPOINT = $"https://management.{SERIAL}.microsoftdatabox.com";

using var listener = AzureEventSourceListener.CreateConsoleLogger();

var tokenOptions = new UsernamePasswordCredentialOptions
{
    AuthorityHost = new Uri(LOGIN_ENDPOINT),
    Diagnostics =
                {
                    IsLoggingContentEnabled = true,
                    LoggedHeaderNames = { "x-ms-request-id", "Authorization" },
                    LoggedQueryParameters = { "api-version" },
                }
};

var ArmClientOptions = new ArmClientOptions
{
    Environment = new ArmEnvironment(new Uri(MANAGEMENT_ENDPOINT), MANAGEMENT_ENDPOINT)
};

ArmClientOptions.SetApiVersion(ResourceGroupResource.ResourceType, "2019-10-01");
ArmClientOptions.SetApiVersion(VirtualMachineResource.ResourceType, "2020-06-01");
ArmClientOptions.SetApiVersion(DiskImageResource.ResourceType, "2020-06-01");
ArmClientOptions.SetApiVersion(VirtualNetworkResource.ResourceType, "2018-11-01");
ArmClientOptions.SetApiVersion(NetworkInterfaceResource.ResourceType, "2018-11-01");
ArmClientOptions.SetApiVersion(StorageAccountResource.ResourceType, "2019-06-01");
ArmClientOptions.SetApiVersion(BlobContainerResource.ResourceType, "2019-06-01");

var creds = new UsernamePasswordCredential(AZ_USER, AZ_PASS, AZ_LOGIN_TENANT, AZ_CLIENT_ID, tokenOptions);

ArmClient armClient = new(creds, "", ArmClientOptions);

var rgClient = armClient
    .GetDefaultSubscription()
    .GetResourceGroup(DEFAULT_TCP_RESOURCE_GROUP);

Expected behavior

No erros

Actual behavior

Errors with this:

[Informational] Azure-Identity: UsernamePasswordCredential.GetToken invoked. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId: 606ed31c-a999-48e3-bb8d-4b3d08c8da5b
[Informational] Azure-Identity: UsernamePasswordCredential.Authenticate invoked. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId: 606ed31c-a999-48e3-bb8d-4b3d08c8da5b
[Informational] Azure-Identity: UsernamePasswordCredential.Authenticate was unable to retrieve an access token. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId: 606ed31c-a999-48e3-bb8d-4b3d08c8da5b Exception: Azure.Identity.AuthenticationFailedException (0x80131500): UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
---> System.ArgumentNullException (0x80004003): Value cannot be null. (Parameter 'tenantId')
[Informational] Azure-Identity: UsernamePasswordCredential.GetToken was unable to retrieve an access token. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId: 606ed31c-a999-48e3-bb8d-4b3d08c8da5b Exception: Azure.Identity.AuthenticationFailedException (0x80131500): UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
---> System.ArgumentNullException (0x80004003): Value cannot be null. (Parameter 'tenantId')

Reproduction Steps

Change to version 1.11.0 or later to fail
Change to version 1.10.4 or earlier to work

Environment

Windows, VS2022, .net 6 or 8

ASE is disconnected

@github-actions github-actions bot added Azure.Identity customer-reported Issues that are reported by GitHub users external to the Azure organization. Mgmt This issue is related to a management-plane library. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Dec 16, 2024
Copy link

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@christothes
Copy link
Member

Hi @johnypony3 -
Could you please provide the full stack trace from the exception you are seeing? Also, it appears that you already have logging enabled. Can you share the logs as well?

I tried to reproduce the error based on your configuration above and I don't see the problem.

@christothes christothes added the needs-author-feedback Workflow: More information is needed from author to address the issue. label Dec 17, 2024
@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Dec 17, 2024
Copy link

Hi @johnypony3. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

@johnypony3
Copy link
Author

johnypony3 commented Dec 17, 2024

@christothes I will provide the info, currently afk. I will update my post with the ASE being disconnected. Could you try that way please?

The only logs I have are provided. Please advise if there is anything I can do to facilitate more verbose logging.

I also updated the code to the tenant id being asdf.

Apologies for missing these pieces of info, thank you for your time.

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed needs-author-feedback Workflow: More information is needed from author to address the issue. labels Dec 17, 2024
@johnypony3
Copy link
Author

@christothes I believe this issue is what I am having still: AzureAD/microsoft-authentication-library-for-dotnet#4860

@christothes
Copy link
Member

It appears different to me, but the full stack trace and the full logging output should provide more context.

@christothes christothes added the needs-author-feedback Workflow: More information is needed from author to address the issue. label Dec 17, 2024
@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Dec 17, 2024
Copy link

Hi @johnypony3. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

@johnypony3
Copy link
Author

johnypony3 commented Dec 17, 2024

Got it, I am new to this space and I am looking for clues :)

I added loggers with LogAlways with the results below.

I'd like to point out that with fiddler enabled, I do not see any calls being made when using version 1.13.1 of the Azure.Identity package. This error is happening locally.

Console logs:

[Informational] Azure-Identity: UsernamePasswordCredential.GetToken invoked. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: UsernamePasswordCredential.Authenticate invoked. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId: 
[Informational] Azure-Identity: UsernamePasswordCredential.Authenticate was unable to retrieve an access token. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId:  Exception: Azure.Identity.AuthenticationFailedException (0x80131500): UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
 ---> System.ArgumentNullException (0x80004003): Value cannot be null. (Parameter 'tenantId')
[Informational] Azure-Identity: UsernamePasswordCredential.GetToken was unable to retrieve an access token. Scopes: [ https://management.redacted.microsoftdatabox.com/.default ] ParentRequestId:  Exception: Azure.Identity.AuthenticationFailedException (0x80131500): UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
 ---> System.ArgumentNullException (0x80004003): Value cannot be null. (Parameter 'tenantId')
Error: UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot

Stack trace:

Timestamp: 12/17/2024 7:33:38 PM
Exception: AuthenticationFailedException
Message: UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot
Formatted Stack Trace:
  at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow in Unknown File:line 0
  at Azure.Identity.UsernamePasswordCredential+<AuthenticateImplAsync>d__31.MoveNext in Unknown File:line 0
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw in Unknown File:line 0
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess in Unknown File:line 0
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification in Unknown File:line 0
  at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1+ConfiguredTaskAwaiter.GetResult in Unknown File:line 0
  at Azure.Identity.UsernamePasswordCredential+<GetTokenImplAsync>d__32.MoveNext in Unknown File:line 0
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw in Unknown File:line 0
  at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow in Unknown File:line 0
  at Azure.Identity.UsernamePasswordCredential+<GetTokenImplAsync>d__32.MoveNext in Unknown File:line 0
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw in Unknown File:line 0
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess in Unknown File:line 0
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification in Unknown File:line 0
  at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult in Unknown File:line 0
  at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted in Unknown File:line 0
  at Azure.Identity.UsernamePasswordCredential.GetToken in Unknown File:line 0
  at Program.Main in C:\Users\v-redacted\source\TCP-ArmClient\TCP-ArmClient\Program.cs:line 56

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed needs-author-feedback Workflow: More information is needed from author to address the issue. labels Dec 17, 2024
@ArthurMa1978 ArthurMa1978 removed the Mgmt This issue is related to a management-plane library. label Dec 18, 2024
@christothes
Copy link
Member

Thanks @johnypony3 - in the stack trace above, is there possibly an inner exception that is missing? There is nowhere in Azure.Identity directly that throws that ArgumentNullException for tenantId during the GetToken code path, but it's possible that it is coming from one of its dependencies. If not, can you run your repro under the debugger and enable all exceptions to see from where this is being thrown?

@christothes christothes added the needs-author-feedback Workflow: More information is needed from author to address the issue. label Dec 18, 2024
@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Dec 18, 2024
Copy link

Hi @johnypony3. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

@johnypony3
Copy link
Author

{
    "Timestamp": "12/18/2024 6:22:35 PM",
    "ExceptionDetails": {
        "Type": "Azure.Identity.AuthenticationFailedException",
        "Message": "UsernamePasswordCredential authentication failed: Value cannot be null. (Parameter 'tenantId')\nSee the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot",
        "StackTrace": "   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)\r\n
            at Azure.Identity.UsernamePasswordCredential.AuthenticateImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n
            at Azure.Identity.UsernamePasswordCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n
            at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)\r\n
            at Azure.Identity.UsernamePasswordCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n
            at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)\r\n
            at Azure.Identity.UsernamePasswordCredential.GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n
            at Program.Main(String[] args) in C:\\Users\\v-redacted\\source\\TCP-ArmClient\\TCP-ArmClient\\Program.cs:line 64",
        "Source": "Azure.Identity",
        "HResult": -2146233088,
        "Data": {},
        "InnerException": {
            "Type": "System.ArgumentNullException",
            "Message": "Value cannot be null. (Parameter 'tenantId')",
            "StackTrace": "   at Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithTenantId(String tenantId)\r\n
            at Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithTenantIdFromAuthority(Uri authorityUri)\r\n
            at Azure.Identity.MsalPublicClient.AcquireTokenByUsernamePasswordCoreAsync(String[] scopes, String claims, String username, String password, String tenantId, Boolean enableCae, Boolean async, CancellationToken cancellationToken)\r\n
            at Azure.Identity.MsalPublicClient.AcquireTokenByUsernamePasswordAsync(String[] scopes, String claims, String username, String password, String tenantId, Boolean enableCae, Boolean async, CancellationToken cancellationToken)\r\n
            at Azure.Identity.UsernamePasswordCredential.AuthenticateImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)",
            "Source": "Microsoft.Identity.Client",
            "HResult": -2147467261,
            "Data": {},
            "InnerException": null
        }
    }
}

InnerException is null.

Are you certain that this code is not the culprit?

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed needs-author-feedback Workflow: More information is needed from author to address the issue. labels Dec 18, 2024
@christothes
Copy link
Member

It would be helpful to know the specific value you are using for AZ_LOGIN_TENANT in the repro. If you don't want to disclose your actual tenant Id guid, please substitute it with a placeholder.

@christothes christothes added the needs-author-feedback Workflow: More information is needed from author to address the issue. label Dec 18, 2024
@github-actions github-actions bot removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Dec 18, 2024
Copy link

Hi @johnypony3. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

@johnypony3
Copy link
Author

johnypony3 commented Dec 18, 2024

const string AZ_LOGIN_TENANT = "asdf";

I updated the code in this issue yesterday am and called it out :)

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed needs-author-feedback Workflow: More information is needed from author to address the issue. labels Dec 18, 2024
@christothes
Copy link
Member

Did you mean to type "adfs" by chance? 😄 If so, yes, I can reproduce this now and I agree it seems to be an issue with the MSAL library.

Please provide your repro details to the issue over there so that they can investigate further - AzureAD/microsoft-authentication-library-for-dotnet#4860

@johnypony3
Copy link
Author

Ha! Yes, I meant adfs :D

Ok, I will post my code there. Is your opinion to close this issue?

@christothes christothes changed the title [BUG] Azure-Identity: UsernamePasswordCredential.GetToken was unable to retrieve an access token (Value cannot be null. (Parameter 'tenantId')) [BUG] [MSAL] Azure-Identity: UsernamePasswordCredential.GetToken was unable to retrieve an access token (Value cannot be null. (Parameter 'tenantId')) Dec 18, 2024
@christothes
Copy link
Member

we'll keep it open until things resolve in the other issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Azure.Identity customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
Status: Untriaged
Development

No branches or pull requests

3 participants