Error "az login: error: 'issuer'" with "az login --service-principal"
See original GitHub issue
az feedback
auto-generates most of the information requested below, as of CLI version 2.0.62
Describe the bug
az login --service-principal
failed with the error message az login: error: 'issuer'
.
The same Service Principal Credentials JSON proved to work successfully in Azure Login GitHub Actions
However, the effectively identical az login --service-principal
command that worked in https://github.com/Azure/login/blob/master/src/main.ts#L38 failed with azure-cli 2.8.0.
To Reproduce
$ cat "$SERVICE_PRINCIPAL_SECRET"
{
"clientId": "...",
"clientSecret": "...",
"subscriptionId": "...",
"tenantId": "..."
}
$ az login --service-principal -u "$(jq '.clientId' "$SERVICE_PRINCIPAL_SECRET")" -p "$(jq '.clientSecret' "$SERVICE_PRINCIPAL_SECRET")" --tenant "$(jq '.tenantId' "$SERVICE_PRINCIPAL_SECRET")"
usage: az login [-h] [--verbose] [--debug] [--only-show-errors] [--output {json,jsonc,yaml,yamlc,table,tsv,none}] [--query JMESPATH] [--username USERNAME] [--password PASSWORD] [--service-principal] [--tenant TENANT]
[--allow-no-subscriptions] [-i] [--use-device-code] [--use-cert-sn-issuer]
az login: error: 'issuer'
Expected behavior Login Successful.
Environment Summary
macOS-10.15.4-x86_64-i386-64bit
Python 3.8.3
Installer: HOMEBREW
azure-cli 2.8.0
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (1 by maintainers)
Top Results From Across the Web
Jenkins azure deploy error: az login error issuer - Stack Overflow
I have tried to reproduce your issue by following this Jenkins document but was successfully able to echo environment variables that are set ......
Read more >Sign in with Azure CLI — Login and Authentication
Sign in with a service principal ; $AzCred = Get-Credential ; app-id> az login --service-principal ; $AzCred.UserName -p ; $AzCred.
Read more >Authenticating via the Azure CLI | Guides | hashicorp/azuread
If you're using a Service Principal (for example via az login --service-principal ) you should instead authenticate via the Service Principal directly, either ......
Read more >AZ Cli in Windows Bash environment have intermittent issue ...
fix profile error az cloud set --name AzureCloud --profile latest az login -u $CLIENT_ID --service-principal --tenant $TENANT_ID -p $CLIENT_SECRET >/dev/ ...
Read more >Azure Script step freezes at Azure CLI - Octopus Deploy
I disabled AZ CLI logging via environment variable, which appears to have ... If I create a Script step and login via using...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Resolved. This is a pure Linux scripting error on the client side. This is caused by the double quotes produced by the jq command.
The snippet below will work with az login --service-principal
The following command will throw
"az login: error: 'issuer'"
error because the tenant ID is invalid.As a conclusion, there is no technical bug on Azure CLI. Azure CLI may consider providing more verbose and actionable error message when the tenant ID is not valid.
@haokanga, glad to know the issue is solved. You are correct -
jq
’s output is still in JSON, which is why it is quoted. See https://github.com/stedolan/jq/issues/1735.This is also revealed in the
--debug
log:You may also append
--raw-output
to each$()
sub-command:I will try to improve the error message.