Describe the bug
Logged in successfully, but still getting an invalid authentication token error.
Related command
az role assignment list --all --assignee "upn" --subscription "subid"
Errors
cli.azure.cli.core.util: {"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}}
cli.azure.cli.command_modules.role.custom: Failed to query sec.Jing.He@pernodricardchina.partner.onmschina.cn by invoking Graph API. If you don't have permission to query Graph API, please specify --assignee-object-id and --assignee-principal-type.
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
Issue script & Debug output
PS C:\Users\Jing.He> az role assignment list --assignee "xxxxx" --subscription "xxxx" --debug
cli.knack.cli: Command arguments: ['role', 'assignment', 'list', '--assignee', 'xxxxxxxx', '--subscription', 'a10ca0b5-7b52-4cc6-a1a5-af5d45c0aad6', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0000018863C8F880>, <function OutputProducer.on_global_arguments at 0x0000018863E1A020>, <function CLIQuery.on_global_arguments at 0x0000018863E43BA0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'role': ['azure.cli.command_modules.role']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: role 0.023 17 61
cli.azure.cli.core: Total (1) 0.023 17 61
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 17 groups, 61 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : role assignment list
cli.azure.cli.core: Command table: role assignment list
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x0000018866D62020>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\Jing.He.azure\commands\2024-10-24.16-00-27.role_assignment_list.40684.log'.
az_command_data_logger: command args: role assignment list --assignee {} --subscription {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x0000018866D76660>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x0000018866DFC540>, <function register_cache_arguments..add_cache_arguments at 0x0000018866DFC680>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x0000018863E1A0C0>, <function CLIQuery.handle_query_parameter at 0x0000018863E43C40>, <function register_ids_argument..parse_ids_arguments at 0x0000018866DFC5E0>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=AuthorizationManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\Jing.He\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\Jing.He.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200
msal.authority: openid_config("https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.partner.microsoftonline.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://microsoftgraph.chinacloudapi.cn/oidc/userinfo', 'authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/kerberos', 'tenant_region_scope': 'AS', 'cloud_instance_name': 'partner.microsoftonline.cn', 'cloud_graph_host_name': 'graph.chinacloudapi.cn', 'msgraph_host': 'microsoftgraph.chinacloudapi.cn', 'rbac_url': 'https://pas.chinacloudapi.cn'}
msal.application: Broker enabled? None
cli.azure.cli.core.util: Retrieving token for resource https://microsoftgraph.chinacloudapi.cn
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200
msal.authority: openid_config("https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.partner.microsoftonline.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://microsoftgraph.chinacloudapi.cn/oidc/userinfo', 'authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/kerberos', 'tenant_region_scope': 'AS', 'cloud_instance_name': 'partner.microsoftonline.cn', 'cloud_graph_host_name': 'graph.chinacloudapi.cn', 'msgraph_host': 'microsoftgraph.chinacloudapi.cn', 'rbac_url': 'https://pas.chinacloudapi.cn'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://microsoftgraph.chinacloudapi.cn/.default',), claims=None, kwargs={}
msal.application: Found 1 RTs matching {'environment': 'login.chinacloudapi.cn', 'home_account_id': '.2d30602e-b857-4d48-8ee4-90dd1f37c200', 'family_id': '1'}
msal.telemetry: Generate or reuse correlation_id: f699d744-0f83-485f-a731-42aaf03fdf79
msal.application: Cache attempts an RT
urllib3.connectionpool: Starting new HTTPS connection (1): login.chinacloudapi.cn:443
urllib3.connectionpool: https://login.chinacloudapi.cn:443 "POST /2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token HTTP/1.1" 200 5585
msal.token_cache: event={
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"data": {
"claims": "{"access_token": {"xms_cc": {"values": ["CP1"]}}}",
"refresh_token": "",
"scope": [
"openid",
"profile",
"https://microsoftgraph.chinacloudapi.cn/.default",
"offline_access"
]
},
"environment": "login.chinacloudapi.cn",
"grant_type": "refresh_token",
"params": null,
"response": {
"access_token": "",
"client_info": "eyJ1aWQiOiJmNDhmNGRiNi0zYmRkLTRlYjgtOGMxMi04ZGE2MGM5MjlhYWQiLCJ1dGlkIjoiMmQzMDYwMmUtYjg1Ny00ZDQ4LThlZTQtOTBkZDFmMzdjMjAwIn0",
"expires_in": 3599,
"ext_expires_in": 3599,
"foci": "1",
"id_token": "",
"scope": "email openid profile https://microsoftgraph.chinacloudapi.cn/AuditLog.Read.All https://microsoftgraph.chinacloudapi.cn/Directory.AccessAsUser.All https://microsoftgraph.chinacloudapi.cn/Group.ReadWrite.All https://microsoftgraph.chinacloudapi.cn/User.ReadWrite.All https://microsoftgraph.chinacloudapi.cn/.default",
"token_type": "Bearer"
},
"scope": [
"email",
"openid",
"profile",
"https://microsoftgraph.chinacloudapi.cn/AuditLog.Read.All",
"https://microsoftgraph.chinacloudapi.cn/Directory.AccessAsUser.All",
"https://microsoftgraph.chinacloudapi.cn/Group.ReadWrite.All",
"https://microsoftgraph.chinacloudapi.cn/User.ReadWrite.All",
"https://microsoftgraph.chinacloudapi.cn/.default"
],
"skip_account_creation": true,
"token_endpoint": "https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token"
}
cli.azure.cli.core.util: Request URL: 'https://microsoftgraph.chinacloudapi.cn/v1.0/users?$filter=userPrincipalName%20eq%20%27sec.Jing.He%40pernodricardchina.partner.onmschina.cn%27'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.8 (Windows-10-10.0.22631-SP0) AZURECLI/2.60.0 (MSI)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'c05d6aba-6654-437d-817d-2f4004e058c8'
cli.azure.cli.core.util: 'CommandName': 'role assignment list'
cli.azure.cli.core.util: 'ParameterSetName': '--assignee --subscription --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): microsoftgraph.chinacloudapi.cn:443
urllib3.connectionpool: https://microsoftgraph.chinacloudapi.cn:443 "GET /v1.0/users?$filter=userPrincipalName%20eq%20%27sec.Jing.He%40pernodricardchina.partner.onmschina.cn%27 HTTP/1.1" 401 None
cli.azure.cli.core.util: Response status: 401
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': '3dbc2007-5022-418c-a3ca-8c38ab4d7694'
cli.azure.cli.core.util: 'client-request-id': '3dbc2007-5022-418c-a3ca-8c38ab4d7694'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"China East","Slice":"E","Ring":"6","ScaleUnit":"001","RoleInstance":"SH1NEPF0000074C"}}'
cli.azure.cli.core.util: 'WWW-Authenticate': 'Bearer realm="", authorization_uri="https://login.chinacloudapi.cn/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000", error_description="Continuous access evaluation resulted in challenge with result: InteractionRequired and code: UnhandledFailure", error="insufficient_claims", claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwidmFsdWUiOiIxNzI5NzU2ODMwIn0sInhtc19jYWVlcnJvciI6eyJ2YWx1ZSI6IjIwMDAxIn19fQ=="'
cli.azure.cli.core.util: 'Date': 'Thu, 24 Oct 2024 08:00:30 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}}
cli.azure.cli.command_modules.role.custom: Failed to query sec.Jing.He@pernodricardchina.partner.onmschina.cn by invoking Graph API. If you don't have permission to query Graph API, please specify --assignee-object-id and --assignee-principal-type.
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 229, in list_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 545, in _search_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1525, in _resolve_object_id
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1534, in _resolve_object_id_and_type
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 229, in list_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 545, in _search_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1525, in _resolve_object_id
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1534, in _resolve_object_id_and_type
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
az_command_data_logger: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 229, in list_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 545, in _search_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1525, in _resolve_object_id
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1534, in _resolve_object_id_and_type
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah.graph_client.GraphError: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x0000018866D622A0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 3.482 seconds (init: 0.854, invoke: 2.628)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7613 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "c:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\Jing.He.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
The expected output is either an empty array [] or something similar to this
[
{
"condition": null,
"conditionVersion": null,
"createdBy": "003ac3c6-c791-48dc-9b72-584e14f2e397",
"createdOn": "2024-10-21T09:49:37.254627+00:00",
"delegatedManagedIdentityResourceId": null,
"description": null,
"id": "/subscriptions/xxxxxxxxx/resourceGroups/mycui-win/providers/Microsoft.Compute/virtualMachines/test1017-win11-single/providers/Microsoft.Authorization/roleAssignments/fb5209bc-a105-42b1-946b-3ae01899428b",
"name": "xxx",
"principalId": "xxxx",
"principalName": "xxxx",
"principalType": "User",
"resourceGroup": "mycui-win",
"roleDefinitionId": "/subscriptions/xxx/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"roleDefinitionName": "Virtual Machine User Login",
"scope": "/subscriptions/xxxx/resourceGroups/mycui-win/providers/Microsoft.Compute/virtualMachines/test1017-win11-single",
"type": "Microsoft.Authorization/roleAssignments",
"updatedBy": "003ac3c6-c791-48dc-9b72-584e14f2e397",
"updatedOn": "2024-10-21T09:49:37.254627+00:00"
},
]
Environment Summary
az version
{
"azure-cli": "2.60.0",
"azure-cli-core": "2.60.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {
"site-recovery": "1.0.0"
}
}
Additional context
No response
Describe the bug
Logged in successfully, but still getting an invalid authentication token error.
Related command
az role assignment list --all --assignee "upn" --subscription "subid"
Errors
cli.azure.cli.core.util: {"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}}
cli.azure.cli.command_modules.role.custom: Failed to query sec.Jing.He@pernodricardchina.partner.onmschina.cn by invoking Graph API. If you don't have permission to query Graph API, please specify --assignee-object-id and --assignee-principal-type.
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
Issue script & Debug output
PS C:\Users\Jing.He> az role assignment list --assignee "xxxxx" --subscription "xxxx" --debug
cli.knack.cli: Command arguments: ['role', 'assignment', 'list', '--assignee', 'xxxxxxxx', '--subscription', 'a10ca0b5-7b52-4cc6-a1a5-af5d45c0aad6', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0000018863C8F880>, <function OutputProducer.on_global_arguments at 0x0000018863E1A020>, <function CLIQuery.on_global_arguments at 0x0000018863E43BA0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'role': ['azure.cli.command_modules.role']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: role 0.023 17 61
cli.azure.cli.core: Total (1) 0.023 17 61
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 17 groups, 61 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : role assignment list
cli.azure.cli.core: Command table: role assignment list
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x0000018866D62020>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\Jing.He.azure\commands\2024-10-24.16-00-27.role_assignment_list.40684.log'.
az_command_data_logger: command args: role assignment list --assignee {} --subscription {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x0000018866D76660>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x0000018866DFC540>, <function register_cache_arguments..add_cache_arguments at 0x0000018866DFC680>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x0000018863E1A0C0>, <function CLIQuery.handle_query_parameter at 0x0000018863E43C40>, <function register_ids_argument..parse_ids_arguments at 0x0000018866DFC5E0>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=AuthorizationManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\Jing.He\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\Jing.He.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200
msal.authority: openid_config("https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.partner.microsoftonline.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://microsoftgraph.chinacloudapi.cn/oidc/userinfo', 'authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/kerberos', 'tenant_region_scope': 'AS', 'cloud_instance_name': 'partner.microsoftonline.cn', 'cloud_graph_host_name': 'graph.chinacloudapi.cn', 'msgraph_host': 'microsoftgraph.chinacloudapi.cn', 'rbac_url': 'https://pas.chinacloudapi.cn'}
msal.application: Broker enabled? None
cli.azure.cli.core.util: Retrieving token for resource https://microsoftgraph.chinacloudapi.cn
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200
msal.authority: openid_config("https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.partner.microsoftonline.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://microsoftgraph.chinacloudapi.cn/oidc/userinfo', 'authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/kerberos', 'tenant_region_scope': 'AS', 'cloud_instance_name': 'partner.microsoftonline.cn', 'cloud_graph_host_name': 'graph.chinacloudapi.cn', 'msgraph_host': 'microsoftgraph.chinacloudapi.cn', 'rbac_url': 'https://pas.chinacloudapi.cn'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://microsoftgraph.chinacloudapi.cn/.default',), claims=None, kwargs={}
msal.application: Found 1 RTs matching {'environment': 'login.chinacloudapi.cn', 'home_account_id': '.2d30602e-b857-4d48-8ee4-90dd1f37c200', 'family_id': '1'}
msal.telemetry: Generate or reuse correlation_id: f699d744-0f83-485f-a731-42aaf03fdf79
msal.application: Cache attempts an RT
urllib3.connectionpool: Starting new HTTPS connection (1): login.chinacloudapi.cn:443
urllib3.connectionpool: https://login.chinacloudapi.cn:443 "POST /2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token HTTP/1.1" 200 5585
msal.token_cache: event={
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"data": {
"claims": "{"access_token": {"xms_cc": {"values": ["CP1"]}}}",
"refresh_token": "",
"scope": [
"openid",
"profile",
"https://microsoftgraph.chinacloudapi.cn/.default",
"offline_access"
]
},
"environment": "login.chinacloudapi.cn",
"grant_type": "refresh_token",
"params": null,
"response": {
"access_token": "",
"client_info": "eyJ1aWQiOiJmNDhmNGRiNi0zYmRkLTRlYjgtOGMxMi04ZGE2MGM5MjlhYWQiLCJ1dGlkIjoiMmQzMDYwMmUtYjg1Ny00ZDQ4LThlZTQtOTBkZDFmMzdjMjAwIn0",
"expires_in": 3599,
"ext_expires_in": 3599,
"foci": "1",
"id_token": "",
"scope": "email openid profile https://microsoftgraph.chinacloudapi.cn/AuditLog.Read.All https://microsoftgraph.chinacloudapi.cn/Directory.AccessAsUser.All https://microsoftgraph.chinacloudapi.cn/Group.ReadWrite.All https://microsoftgraph.chinacloudapi.cn/User.ReadWrite.All https://microsoftgraph.chinacloudapi.cn/.default",
"token_type": "Bearer"
},
"scope": [
"email",
"openid",
"profile",
"https://microsoftgraph.chinacloudapi.cn/AuditLog.Read.All",
"https://microsoftgraph.chinacloudapi.cn/Directory.AccessAsUser.All",
"https://microsoftgraph.chinacloudapi.cn/Group.ReadWrite.All",
"https://microsoftgraph.chinacloudapi.cn/User.ReadWrite.All",
"https://microsoftgraph.chinacloudapi.cn/.default"
],
"skip_account_creation": true,
"token_endpoint": "https://login.chinacloudapi.cn/2d30602e-b857-4d48-8ee4-90dd1f37c200/oauth2/v2.0/token"
}
cli.azure.cli.core.util: Request URL: 'https://microsoftgraph.chinacloudapi.cn/v1.0/users?$filter=userPrincipalName%20eq%20%27sec.Jing.He%40pernodricardchina.partner.onmschina.cn%27'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util: 'User-Agent': 'python/3.11.8 (Windows-10-10.0.22631-SP0) AZURECLI/2.60.0 (MSI)'
cli.azure.cli.core.util: 'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util: 'Accept': '/'
cli.azure.cli.core.util: 'Connection': 'keep-alive'
cli.azure.cli.core.util: 'x-ms-client-request-id': 'c05d6aba-6654-437d-817d-2f4004e058c8'
cli.azure.cli.core.util: 'CommandName': 'role assignment list'
cli.azure.cli.core.util: 'ParameterSetName': '--assignee --subscription --debug'
cli.azure.cli.core.util: 'Authorization': 'Bearer eyJ0eXAiOiJKV...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): microsoftgraph.chinacloudapi.cn:443
urllib3.connectionpool: https://microsoftgraph.chinacloudapi.cn:443 "GET /v1.0/users?$filter=userPrincipalName%20eq%20%27sec.Jing.He%40pernodricardchina.partner.onmschina.cn%27 HTTP/1.1" 401 None
cli.azure.cli.core.util: Response status: 401
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util: 'Transfer-Encoding': 'chunked'
cli.azure.cli.core.util: 'Content-Type': 'application/json'
cli.azure.cli.core.util: 'Content-Encoding': 'gzip'
cli.azure.cli.core.util: 'Vary': 'Accept-Encoding'
cli.azure.cli.core.util: 'Strict-Transport-Security': 'max-age=31536000'
cli.azure.cli.core.util: 'request-id': '3dbc2007-5022-418c-a3ca-8c38ab4d7694'
cli.azure.cli.core.util: 'client-request-id': '3dbc2007-5022-418c-a3ca-8c38ab4d7694'
cli.azure.cli.core.util: 'x-ms-ags-diagnostic': '{"ServerInfo":{"DataCenter":"China East","Slice":"E","Ring":"6","ScaleUnit":"001","RoleInstance":"SH1NEPF0000074C"}}'
cli.azure.cli.core.util: 'WWW-Authenticate': 'Bearer realm="", authorization_uri="https://login.chinacloudapi.cn/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000", error_description="Continuous access evaluation resulted in challenge with result: InteractionRequired and code: UnhandledFailure", error="insufficient_claims", claims="eyJhY2Nlc3NfdG9rZW4iOnsibmJmIjp7ImVzc2VudGlhbCI6dHJ1ZSwidmFsdWUiOiIxNzI5NzU2ODMwIn0sInhtc19jYWVlcnJvciI6eyJ2YWx1ZSI6IjIwMDAxIn19fQ=="'
cli.azure.cli.core.util: 'Date': 'Thu, 24 Oct 2024 08:00:30 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}}
cli.azure.cli.command_modules.role.custom: Failed to query sec.Jing.He@pernodricardchina.partner.onmschina.cn by invoking Graph API. If you don't have permission to query Graph API, please specify --assignee-object-id and --assignee-principal-type.
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 229, in list_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 545, in _search_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1525, in _resolve_object_id
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1534, in _resolve_object_id_and_type
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
cli.azure.cli.core.azclierror: The command failed with an unexpected error. Here is the traceback:
az_command_data_logger: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 229, in list_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 545, in _search_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1525, in _resolve_object_id
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1534, in _resolve_object_id_and_type
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah._graph_client.GraphError: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
az_command_data_logger: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 52, in _send
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 1007, in send_raw_request
azure.cli.core.azclierror.HTTPError: Unauthorized({"error":{"code":"InvalidAuthenticationToken","message":"Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.","innerError":{"date":"2024-10-24T08:00:30","request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694","client-request-id":"3dbc2007-5022-418c-a3ca-8c38ab4d7694"}}})
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 664, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 731, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 701, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 334, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 229, in list_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 545, in _search_role_assignments
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1525, in _resolve_object_id
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/custom.py", line 1534, in _resolve_object_id_and_type
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 294, in user_list
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/role/_msgrpah/_graph_client.py", line 55, in _send
azure.cli.command_modules.role._msgrpah.graph_client.GraphError: Exception of type 'Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException' was thrown.
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x0000018866D622A0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 3.482 seconds (init: 0.854, invoke: 2.628)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 7613 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "c:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init.pyc C:\Users\Jing.He.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
The expected output is either an empty array [] or something similar to this
[
{
"condition": null,
"conditionVersion": null,
"createdBy": "003ac3c6-c791-48dc-9b72-584e14f2e397",
"createdOn": "2024-10-21T09:49:37.254627+00:00",
"delegatedManagedIdentityResourceId": null,
"description": null,
"id": "/subscriptions/xxxxxxxxx/resourceGroups/mycui-win/providers/Microsoft.Compute/virtualMachines/test1017-win11-single/providers/Microsoft.Authorization/roleAssignments/fb5209bc-a105-42b1-946b-3ae01899428b",
"name": "xxx",
"principalId": "xxxx",
"principalName": "xxxx",
"principalType": "User",
"resourceGroup": "mycui-win",
"roleDefinitionId": "/subscriptions/xxx/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"roleDefinitionName": "Virtual Machine User Login",
"scope": "/subscriptions/xxxx/resourceGroups/mycui-win/providers/Microsoft.Compute/virtualMachines/test1017-win11-single",
"type": "Microsoft.Authorization/roleAssignments",
"updatedBy": "003ac3c6-c791-48dc-9b72-584e14f2e397",
"updatedOn": "2024-10-21T09:49:37.254627+00:00"
},
]
Environment Summary
az version
{
"azure-cli": "2.60.0",
"azure-cli-core": "2.60.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {
"site-recovery": "1.0.0"
}
}
Additional context
No response