Skip to content

MSAL token (timing?) issue when reading storage account token #30046

Description

@rob-zz

Describe the bug

I originally submitted a bug report with the azurerm terraform provider, but was directed here. Please refer to this issue for the details: hashicorp/terraform-provider-azurerm#27573

Related command

az account get-access-token --scope https://storageaccount.queue.core.windows.net/.default --subscription 12345678-e804-42e5-86ad-98f476ed81b7 -o=json

Errors

ERROR: User 'REDACTED' does not exist in MSAL token cache. Run az login.

Issue script & Debug output

Please see hashicorp/terraform-provider-azurerm#27573

Expected behavior

All storage account access tokens were correctly read from the token cache.

Environment Summary

azure-cli                         2.64.0 *

core                              2.64.0 *
telemetry                          1.1.0

Extensions:
account                            0.2.5
application-insights              0.1.19
azure-devops                      0.26.0
azure-firewall                    0.14.4
bastion                            0.2.3
costmanagement                     0.2.1
quota                              0.1.0
resource-graph                     2.1.0
ssh                                1.1.3

Dependencies:
msal                              1.30.0
azure-mgmt-resource               23.1.1

Python location '/opt/homebrew/Cellar/azure-cli/2.64.0/libexec/bin/python'
Extensions directory '/Users/user1/.azure/cliextensions'

Python (Darwin) 3.11.10 (main, Sep  7 2024, 01:03:31) [Clang 15.0.0 (clang-1500.3.9.4)]

Additional context

No response

Metadata

Metadata

Assignees

Labels

ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAccountaz login/accountAuto-AssignAuto assign by botAuto-ResolveAuto resolve by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamact-identity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions