azure-cli icon indicating copy to clipboard operation
azure-cli copied to clipboard
verified publisher icon Azure

Az Login Authentication failed - Consent between first party application and first party resrouce must be configured via preauthorization.

Open whisper6284 opened this issue 3 years ago • 2 comments

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Related command az login --scope https://communication.azure.com/.default

Describe the bug

I am trying to log into Azure via CLI in the above scope, in order to run live testing in Azure Communication Services - Phone Numbers.

The live test failed with an authentication error. The error message suggested that I run the command listed above. After entering my credentials, I received the following error.

Authentication failed invalid_request: AADSTS65002: Consent between first party application '04b07795-8ddb-461a-bbee-02f9e1bf7b46' and first party resource '632ec9eb-fad7-4cbd-993a-e72973ba2acc' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API. Trace ID: d6205b99-721c-437f-945f-06622f070200 Correlation ID: 0b7335f4-a4d8-4cb3-8eaf-f098b6f65702 Timestamp: 2022-08-09 22:08:07Z. (https://login.microsoftonline.com/error?code=65002)

To Reproduce Run the command az login --scope https://communication.azure.com/.default and log in with credentials.

Expected behavior Successful login.

Environment summary Powershell 7 on Windows 11

whisper6284 avatar Aug 09 '22 22:08 whisper6284

@jiasli for awareness

yonzhan avatar Aug 09 '22 23:08 yonzhan

As the error message indicates, Azure CLI has no preauthorization with resource app https://communication.azure.com/. You may contact the owner of this resource app to pre-authorize Azure CLI in (Microsoft internal) first party portal.

jiasli avatar Aug 10 '22 09:08 jiasli

Hello @jiasli. Given that both Azure Communication Services and Azure CLI are MS products, could you please recommend who from MS could fix that ?

I would like to test Azure Communication Email Service locally and I'm usually using AzureCliCredential via AzureDefaultCredential for it.

lukaskostial avatar Feb 02 '23 14:02 lukaskostial

Given that both Azure Communication Services and Azure CLI are MS products, could you please recommend who from MS could fix that ?

Unfortunately, we won't "fix" it as Azure CLI is not considered a valid Azure Communication Services client. See https://github.com/Azure/azure-cli/issues/22775 for explanation and workaround.

jiasli avatar Aug 14 '23 08:08 jiasli