
Pass --allow-no-subscriptions to loginWithServicePrincipalSecret

Open vicdotdevelop opened this issue 3 years ago • 5 comments

Is there a way to pass additional options like "--allow-no-subscriptions" to the loginWithServicePrincipalSecret function? Currently the problem is that without this flag we get a token back, but then this token is not valid to access the MS SQL database.

Error message: ConnectionError: Login failed for user ''. Incorrect or invalid token.

In the Azure CLI this flag is available for the az login with service principal call.

Btw: Please update the GitHub link on the npm item -> It forwards to 404 and you need to google again to come here❗️

vicdotdevelop avatar Jun 17 '22 13:06 vicdotdevelop

@vicdotdevelop Thanks for reporting this. Could you be more specific about what --allow-no-subscriptions means? And have you added a role assignment to your service principal over this MS SQL database? Could you point me to where you see the invalid GitHub link on npm? Thank you.

qiaozha avatar Jun 22 '22 06:06 qiaozha

@qiaozha the invalid GitHub link is directly on the npm page of the lib: https://www.npmjs.com/package/ms-rest-azure

vicdotdevelop avatar Jul 05 '22 09:07 vicdotdevelop

We have elaborated the problem and checked a working token against a non-working token. We got the working token from the PowerShell lib with:

$request = Invoke-RestMethod -Method POST `
           -Uri "https://login.microsoftonline.com/$tenantid/oauth2/token" `
           -Body @{ resource="https://database.windows.net/"; grant_type="client_credentials"; client_id=$clientid; client_secret=$secret } `
           -ContentType "application/x-www-form-urlencoded"
$access_token = $request.access_token

We got the non-working token with this ms-rest-azure lib:

    const databaseCredentials = msRestAzure.loginWithServicePrincipalSecret(
        environment.client_id,
        environment.client_secret,
        environment.tenant_id,
        //environment.subscription_id,
    );

The question is: How to pass: resource="https://database.windows.net/" like in the ps into the library? Any suggestions?

vicdotdevelop avatar Jul 05 '22 09:07 vicdotdevelop

Now it's probably more the problem of another library :) Need to move the issue then.

vicdotdevelop avatar Jul 05 '22 09:07 vicdotdevelop

ms-rest-azure will be deprecated. Can you try @azure/identity, something like this:

import { ClientSecretCredential } from "@azure/identity";
const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
// getToken returns a Promise<AccessToken>; the bearer string is accessToken.token
const accessToken = await credential.getToken(scope);

Here the scope means the resource in your PowerShell context.

qiaozha avatar Jul 05 '22 10:07 qiaozha
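The working and non-working tokens compared in this thread can be told apart by their `aud` claim. The following is an added example, not code from the thread or from either library: it decodes a token's payload and checks the audience against the resource the database expects. The helper names, the sample tokens and the ARM audience used for the non-working case are constructed assumptions.

```javascript
// Decode a JWT payload WITHOUT verifying the signature. Diagnostics only:
// never use this to make a trust decision, and do not log the token itself.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Normalise a resource, audience or scope so that "https://host/",
// "https://host" and "https://host/.default" compare equal.
function normalizeAudience(value) {
  return value.replace(/\/\.default$/, "").replace(/\/+$/, "").toLowerCase();
}

// Report whether the token was issued for expectedResource and whether it expired.
function checkAudience(token, expectedResource, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const want = normalizeAudience(expectedResource);
  const audienceOk = audiences.some(
    (a) => typeof a === "string" && normalizeAudience(a) === want
  );
  const expired = typeof claims.exp === "number" && claims.exp <= nowSeconds;
  return { audienceOk, expired, aud: claims.aud };
}

// Constructed sample tokens (unsigned, for illustration only).
function makeSampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.constructed`;
}

const SQL_RESOURCE = "https://database.windows.net/"; // resource from the PowerShell call
// Assumption: the non-working token was issued for the management (ARM) audience.
const armToken = makeSampleToken({ aud: "https://management.core.windows.net/", exp: 2000000000 });
const sqlToken = makeSampleToken({ aud: "https://database.windows.net/", exp: 2000000000 });

console.log("ARM token:", checkAudience(armToken, SQL_RESOURCE));
console.log("SQL token:", checkAudience(sqlToken, SQL_RESOURCE));
```

With `@azure/identity`, the scope for this resource is written `https://database.windows.net/.default`; `normalizeAudience` accepts that form as well as the bare resource URL.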