[BUG] Cloud Shell token API does not support https://cognitiveservices.azure.com
An issue filed in the azd repo shows that authentication for the https://cognitiveservices.azure.com audience is not supported in Cloud Shell. https://github.com/Azure-Samples/azure-search-openai-demo/issues/629
To Reproduce
```
curl http://localhost:50342/oauth2/token --data "resource=https://cognitiveservices.azure.com" -H Metadata:true -s
```
Also fails when running
```
azd auth token --output json --scope https://cognitiveservices.azure.com
```
This was discovered in
Observed Behavior
```
{"error":{"code":"AudienceNotSupported","message":"Audience https://cognitiveservices.azure.com is not a supported MSI token audience. Supported audiences: https://management.core.windows.net/,https://management.azure.com/,https://graph.windows.net/,https://vault.azure.net,https://datalake.azure.net/,https://outlook.office365.com/,https://graph.microsoft.com/,https://batch.core.windows.net/,https://analysis.windows.net/powerbi/api,https://storage.azure.com/,https://rest.media.azure.net,https://api.loganalytics.io,https://ossrdbms-aad.database.windows.net,https://www.yammer.com,https://digitaltwins.azure.net,0b07f429-9f4b-4714-9392-cc5e8e80c8b0,822c8694-ad95-4735-9c55-256f7db2f9b4,https://dev.azuresynapse.net,https://database.windows.net,https://quantum.microsoft.com,https://iothubs.azure.net,2ff814a6-3304-4ab8-85cb-cd0e6f879c1d,https://azuredatabricks.net/,ce34e7e5-485f-4d76-964f-b3d2b16d1e4f,https://azure-devices-provisioning.net,https://managedhsm.azure.net,499b84ac-1321-427f-aa17-267ca6975798,https://api.adu.microsoft.com/,https://purview.azure.net/,6dae42f8-4368-4678-94ff-3960e28e3630"}}
```
Expected behavior
Should be able to get an authentication token from Cloud Shell token API.
Is this specific to Cloud Shell?
Yes, this is specific to Cloud Shell
Interface information
How are you accessing Cloud Shell - https://shell.azure.com, https://portal.azure.com, via Windows Terminal, or some other method? If a browser, which Operating System and browser are you using? (ex. Edge on Windows 10)
Accessing Cloud Shell by: https://portal.azure.com/ OS: Windows 11 Browser: Edge
Thank you @danieljurek for reporting this. This should be a small fix on our side - I will follow up after the change has been made.
In context of the azure-search-openai-demo, it does apply to search.azure.com as well: {"message":"fetching token: invalid CloudShell token API response code: 400, content: {"error":{"code":"AudienceNotSupported","message":"Audience https://search.azure.com is not a supported MSI token audience.
Is this fixed? I have hit the "https://search.azure.com is not supported MSI token" error when I execute via Cloud Shell. The error I get is below.
```
AzureDeveloperCliCredential.get_token failed: {"type":"consoleMessage","timestamp":"2024-04-18T18:06:11.892782392Z","data":{"message":"fetching token: invalid CloudShell token API response code: 400, content: {"error":{"code":"AudienceNotSupported","message":"Audience https://search.azure.com is not a supported MSI token audience. Supported audiences: https://management.core.windows.net/,https://management.azure.com/,https://graph.windows.net/,https://vault.azure.net,https://datalake.azure.net/,https://outlook.office365.com/,https://graph.microsoft.com/,https://batch.core.windows.net/,https://analysis.windows.net/powerbi/api,https://storage.azure.com/,https://rest.media.azure.net,https://api.loganalytics.io,https://ossrdbms-aad.database.windows.net,https://www.yammer.com,https://digitaltwins.azure.net,0b07f429-9f4b-4714-9392-cc5e8e80c8b0,822c8694-ad95-4735-9c55-256f7db2f9b4,https://dev.azuresynapse.net,https://database.windows.net,https://quantum.microsoft.com,https://iothubs.azure.net,2ff814a6-3304-4ab8-85cb-cd0e6f879c1d,https://azuredatabricks.net/,ce34e7e5-485f-4d76-964f-b3d2b16d1e4f,https://azure-devices-provisioning.net,https://managedhsm.azure.net,499b84ac-1321-427f-aa17-267ca6975798,https://api.adu.microsoft.com/,https://purview.azure.net/,6dae42f8-4368-4678-94ff-3960e28e3630,https://cognitiveservices.azure.com,48ac35b8-9aa8-4d74-927d-1f4a14a0b239,46da2f7e-b5ef-422a-88d4-2a7f9de6a0b2\"}}\n"}}
```
I'm currently running into the same issue. This is really putting a crimp in my style for running a debug/troubleshooting app in an environment that I can't connect to from my dev system...
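Added example, not part of the original issue and not Cloud Shell or azd code: a small Python parser for the `AudienceNotSupported` error quoted in this thread. It reads both the raw token-endpoint response and the azd-wrapped form, and diffs the supported-audience lists of two captures to show what was allowlisted in between. The sample payloads are constructed, abridged versions of the errors above, and the function names are hypothetical.

```python
import json
import re

# Matches the comma-separated list; stops at a quote, backslash or brace so it
# works on raw JSON and on the JSON-escaped copy that azd embeds in its message.
_SUPPORTED = re.compile(r"Supported audiences:\s*([^\"\\}]+)")
_REJECTED = re.compile(r"Audience (\S+) is not a supported MSI token audience")


def parse_audience_error(text):
    """Return (rejected_audience, supported_set), or None for any other response."""
    if "AudienceNotSupported" not in text:
        return None
    rejected = _REJECTED.search(text)
    listed = _SUPPORTED.search(text)
    supported = set()
    if listed:
        supported = {a.strip() for a in listed.group(1).split(",") if a.strip()}
    return (rejected.group(1) if rejected else None, supported)


def newly_supported(older_text, newer_text):
    """Audiences present in the newer capture's list but not the older one."""
    older, newer = parse_audience_error(older_text), parse_audience_error(newer_text)
    if older is None or newer is None:
        raise ValueError("both captures must be AudienceNotSupported errors")
    return newer[1] - older[1]


# Constructed, abridged samples modeled on the two errors quoted in this thread.
_LIST = "https://management.azure.com/,https://vault.azure.net,https://storage.azure.com/"
DIRECT = json.dumps({"error": {"code": "AudienceNotSupported", "message":
    "Audience https://cognitiveservices.azure.com is not a supported MSI token "
    "audience. Supported audiences: " + _LIST}})
_INNER = json.dumps({"error": {"code": "AudienceNotSupported", "message":
    "Audience https://search.azure.com is not a supported MSI token audience. "
    "Supported audiences: " + _LIST + ",https://cognitiveservices.azure.com"}})
WRAPPED = "AzureDeveloperCliCredential.get_token failed: " + json.dumps(
    {"type": "consoleMessage", "data": {"message":
        "fetching token: invalid CloudShell token API response code: 400, "
        "content: " + _INNER + "\n"}})

if __name__ == "__main__":
    for capture in (DIRECT, WRAPPED):
        rejected, supported = parse_audience_error(capture)
        print(rejected, "rejected;", len(supported), "audiences listed")
    print("added between captures:", sorted(newly_supported(DIRECT, WRAPPED)))
```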