'az staticwebapp hostname show' does not show TXT validation token after 6 months #31438
Description
Describe the bug
Hi team, we have a custom domain hosted in static sites, and we are using TXT validation to ensure Azure can create the certificate. This works fine on initial creation, but after 6 months, we run az staticwebapp hostname show --subscription "XXX" --resource-group "XXX" --name "XXX" --hostname "XXX" and we get
{
"createdOn": "2024-11-06T22:39:27.321505+00:00",
... (other properties)
"validationToken": null
}
Previously the validationToken was populated.
Given that the documentation for the az staticwebapp hostname show command says
show : Get details for a staticwebapp custom domain. Can be used to fetch validation token for
TXT domain validation (see example).
at the least, the documentation should be extended to cover the situation where the token doesn't exist any more, and what the user can do to fix it.
Related command
az staticwebapp hostname show
Errors
{
"createdOn": "2024-11-06T22:39:27.321505+00:00",
... (other properties)
"validationToken": null
}
Issue script & Debug output
PS C:\Users\me> az staticwebapp hostname show --subscription "REDACTED" --resource-group "REDACTED" --name "REDACTED" --hostname "REDACTED.REDACTED" --query "validationToken" --debug
cli.knack.cli: Command arguments: ['staticwebapp', 'hostname', 'show', '--subscription', 'REDACTED', '--resource-group', 'REDACTED', '--name', 'REDACTED', '--hostname', 'REDACTED.REDACTED.qld.gov.au', '--query', 'validationToken', '--debug']
cli.knack.cli: init debug log:
Enable colour in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [, , ]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'staticwebapp': ['azure.cli.command_modules.appservice']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: appservice 0.800 80 277
cli.azure.cli.core: Total (1) 0.800 80 277
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 80 groups, 277 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : staticwebapp hostname show
cli.azure.cli.core: Command table: staticwebapp hostname show
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate []
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'REDACTED.log'.
az_command_data_logger: command args: staticwebapp hostname show --subscription {} --resource-group {} --name {} --hostname {} --query {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at REDACTED>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at REDACTED>, <function register_cache_arguments..add_cache_arguments at REDACTED>, <function register_upcoming_breaking_change_info..update_breaking_change_info at REDACTED>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [, , <function register_ids_argument..parse_ids_arguments at REDACTED>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=WebSiteManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='REDACTED', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: REDACTED
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initialising with Entra authority: REDACTED
msal.authority: openid_config(REDACTED) = REDACTED
msal.application: Broker enabled? True
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('REDACTED',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('REDACTED',), claims=None, kwargs={}
msal.broker: [MSAL:0001] INFO LogTelemetryData:422 Printing Telemetry for Correlation ID: REDACTED
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: start_time, Value: REDACTED
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: api_name, Value: ReadAccountById
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: was_request_throttled, Value: false
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: authority_type, Value: Unknown
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: msal_version, Value: REDACTED
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: correlation_id, Value: REDACTED
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: broker_app_used, Value: false
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: stop_time, Value: REDACTED
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: msalruntime_version, Value: REDACTED
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: is_successful, Value: true
msal.broker: [MSAL:0001] INFO LogTelemetryData:430 Key: request_duration, Value: 0
msal.broker: [MSAL:0002] WARNING SetAuthorityUri:78 Initialising authority from URI 'REDACTED' without authority type, defaulting to MsSts
msal.broker: [MSAL:0002] INFO SetCorrelationId:258 Set correlation ID: REDACTED
msal.broker: [MSAL:0002] INFO EnqueueBackgroundRequest:1000 The original authority is 'REDACTED'
msal.broker: [MSAL:0002] INFO ModifyAndValidateAuthParameters:243 Authority Realm: REDACTED
msal.broker: [MSAL:0002] WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1052 MsaDeviceOperationProvider is not available. Not attempting to register the device.
msal.broker: [MSAL:0003] INFO StorageTokenResponse:84 StorageTokenResponse account constructor invoked. This is only expected in Runtime flows
msal.broker: [MSAL:0003] INFO IsAccessTokenValid:2658 The access token is expired
msal.broker: [MSAL:0003] WARNING StorageTokenResponse:15 No credentials found in the cache
msal.broker: [MSAL:0003] WARNING GetPlatformPropertiesFromStorage:2013 No account found in cache.
msal.broker: [MSAL:0003] INFO LogTelemetryData:422 Printing Telemetry for Correlation ID: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: start_time, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: api_name, Value: AcquireTokenSilently
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: was_request_throttled, Value: false
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: authority_type, Value: AAD
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: access_token_expiry_time, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: read_token, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: msal_version, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: client_id, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: correlation_id, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: storage_delete, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: broker_app_used, Value: true
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: stop_time, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: msalruntime_version, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: original_authority, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: request_eligible_for_broker, Value: true
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: additional_query_parameters_count, Value: 0
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: storage_read, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: delete_token, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: is_successful, Value: true
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: wam_telemetry, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: auth_flow, Value: Broker
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: tenant_id, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: write_token, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: storage_write, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: authorisation_type, Value: WindowsIntegratedAuth
msal.broker: [MSAL:0003] INFO LogTelemetryData:430 Key: request_duration, Value: REDACTED
msal.broker: [MSAL:0003] INFO LogTelemetryData:435 Printing Execution Flow: REDACTED
msal.token_cache: event={
"_account_id": "REDACTED",
"client_id": "REDACTED",
"data": {},
"environment": "REDACTED",
"grant_type": "broker",
"response": {
"_account_id": "REDACTED",
"_msalruntime_telemetry": {
"DATA LIMITED": "Full MSALRuntime telemetry not yet implemented",
"api_name": "AcquireTokenSilently",
"broker_app_used": "true",
"client_id": "REDACTED",
"correlation_id": "REDACTED",
"is_successful": "true",
"msal_version": "REDACTED",
"msalruntime_version": "REDACTED"
},
"access_token": "",
"client_info": "REDACTED",
"expires_in": REDACTED,
"id_token": "",
"id_token_claims": "***",
"scope": "REDACTED",
"token_type": "bearer"
},
"scope": [
"REDACTED",
"REDACTED"
],
"token_endpoint": "REDACTED"
}
cli.azure.cli.core.sdk.policies: Request URL: 'REDACTED'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'CommandName': 'staticwebapp hostname show'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--subscription --resource-group --name --hostname --query --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'Authorisation': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): REDACTED
urllib3.connectionpool: REDACTED
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '672'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'X-AspNet-Version': '4.0.30319'
cli.azure.cli.core.sdk.policies: 'X-Powered-By': 'ASP.NET'
cli.azure.cli.core.sdk.policies: 'x-ms-operation-identifier': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'REDACTED'
cli.azure.cli.core.sdk.policies: 'Date': 'REDACTED'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"id":"REDACTED","name":"REDACTED.REDACTED.qld.gov.au","type":"Microsoft.Web/staticSites/customDomains","location":"West US 2","properties":{"domainName":"REDACTED.REDACTED.qld.gov.au","isDefault":false,"createdOn":"REDACTED","expiresOn":"REDACTED","status":"Unhealthy","errorMessage":"An unknown error has occurred while attempting to renew your custom domain. Please ensure your domain is directing traffic to the static web app, and check again later."}}
cli.knack.cli: Event: CommandInvoker.OnTransformResult [, ]
cli.knack.cli: Event: CommandInvoker.OnFilterResult [<function CLIQuery.handle_query_parameter..filter_output at REDACTED>]
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute []
az_command_data_logger: exit code: 0
cli.main: Command ran in REDACTED seconds (init: REDACTED, invoke: REDACTED)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length REDACTED in cache file under REDACTED
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "REDACTED"
telemetry.process: Return from creating process REDACTED
telemetry.main: Finish creating telemetry upload process
Expected behavior
Validation token is provided. Note that this token should not be treated as a secret - it's put into public DNS as a TXT record for the whole world to view on every domain.
Environment Summary
PS C:\Users\me> az --version
azure-cli 2.70.0 *
core 2.70.0 *
telemetry 1.1.0
Extensions:
account 0.2.5
authV2 0.1.3
azure-devops 0.26.0
databricks 0.10.2
datafactory 1.0.2
resource-graph 2.1.0
storage-blob-preview 0.7.2
storage-preview 1.0.0b1
Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Config directory 'C:\Users\me.azure'
Extensions directory 'C:\Users\me.azure\cliextensions'
Python (Windows) 3.12.8 (tags/v3.12.8:2dc476b, Dec 3 2024, 19:30:04) [MSC v.1942 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
No response