az login showing 400 after browser authentication successful

[AksamK]

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az login

Errors:

Paste here the error message you have received. Make sure to remove all sensitive information,
such as user name, password, credential, subscription ID, etc.

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

• Put any pre-requisite steps here...
• az login --debug

Expected Behavior

Environment Summary

Linux-5.15.90.1-microsoft-standard-WSL2-x86_64-with-glibc2.31, Ubuntu 20.04.6 LTS
Python 3.10.10
Installer: DEB

azure-cli 2.46.0

Extensions:
connectedk8s 1.3.14
azure-devops 0.26.0
k8s-extension 1.4.0
k8s-configuration 1.7.0
customlocation 0.1.3

Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1

Additional Context

az login --debug
cli.knack.cli: Command arguments: ['login', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f10fc6f52d0>, <function OutputProducer.on_global_arguments at 0x7f10fc5e7eb0>, <function CLIQuery.on_global_arguments at 0x7f10fc639120>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.002 2 9
cli.azure.cli.core: Total (1) 0.002 2 9
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 2 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f10fb1b2a70>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/ak12/.azure/commands/2023-03-27.06-21-23.login.21420.log'.
az_command_data_logger: command args: login --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f10fafa79a0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f10fafc16c0>, <function register_cache_arguments..add_cache_arguments at 0x7f10fafc17e0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f10fc5e7f40>, <function CLIQuery.handle_query_parameter at 0x7f10fc6391b0>, <function register_ids_argument..parse_ids_arguments at 0x7f10fafc1750>]
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/ak12/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/ak12/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/organizations/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{tenantid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/organizations/kerberos', 'tenant_region_scope': None, 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.identity: A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with az login --use-device-code.
msal.telemetry: Generate or reuse correlation_id: b7b4deb9-75e2-463e-baa2-d1acd4f6f2aa
msal.oauth2cli.oauth2: Using http://localhost:44353 as redirect_uri
msal.oauth2cli.authcode: Abort by visit http://localhost:44353?error=abort
msal.oauth2cli.authcode: Open a browser on this device to visit: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A44353&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile&state=TJSXOhjampVzGcLb&code_challenge=Lu7dj0IFPbgkD05f_R5ADGP0U36xxcxd0TENvnJS2uE&code_challenge_method=S256&nonce=142ce85ae8c5bffeee35f3d596eecd22b12c76e488bd044ff638e58fb8e9e18e&client_info=1&claims=%7B%22access_token%22%3A+%7B%22xms_cc%22%3A+%7B%22values%22%3A+%5B%22CP1%22%5D%7D%7D%7D&prompt=select_account
tcgetpgrp failed: Not a tty
msal.oauth2cli.authcode: code 400, message Bad request version ('\x00\x12\x00\x10\x04\x03\x08\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x00-\x00\x02\x01\x01\x00')
msal.oauth2cli.authcode: "������ü��\¡,ÆUÅ"På�ëDÜ× 8[�*:^ôïEV éå SÓ6ä'eñpäU�^S6´¯Ò² q_±!Ù"ºº��������À+À/À,À0̨̩À�À�/5��ÊÊÿ��+�ZZ����
localhost�Di���h2��
������������-���" 400 - �hhttp/1.1#
msal.oauth2cli.authcode: code 400, message Bad request version ('localhost\x00+\x00\x07\x06ZZ\x03\x04\x03\x03\x00\x12\x00\x00\x00')
÷!Æð.&6h6lqð«wJq��|/"::��������À+À/À,À0̨̩À�À�/5��JJ ��-������� ���������������+)ºº�� ¦�£�-Ñ ¡wãÎú �hhttp/1.1���#ÿ��Di���h2� YäP�GJHÇýloO localhost+�ZZ�����" 400 - msal.oauth2cli.authcode: code 400, message Bad request version ('²HåíO¼Øð\x08\x10\x7f9Ië\x15tYa¹O³}×P5î\x13ÍÆìÔÇ\x00"') msal.oauth2cli.authcode: "������ü��yϯMÇÙ?QÆHG(Ü�¢³%l4è#ÇÂHP ²HåíO¼Ø�9Ië�tYa¹O³}×P5î�ÍÆìÔÇ"" 400 - msal.oauth2cli.authcode: code 400, message Bad request version ('\x00\x02\x01\x00\x00#\x00\x00\x00') Ù�M"{ [tìí2L2êó{õNõs«y:·!Å�.|{GÎ@��g��ôj"jj��������À+À/À,À0̨̩À�À�/5��jj ��#" 400 - msal.oauth2cli.authcode: code 400, message Bad request version ('localhost\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00') msal.oauth2cli.authcode: "������ü��íæÛò�beÃæp@ñÀ�Í\ö�TZ|Ìø Ú°«ÔÉ& lmGÐÎ`´ *Kv/|û�
¦>Ð&?É"ZZ��������À+À/À,À0̨̩À�À�/5��JJ+�jj����������
��
��+)ºº�� C)b�"TïÇ®ì�dmúX¨WqÕû»2Wc��
localhost���" 400 -
msal.oauth2cli.authcode: code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x02\x00\x01\x00\x01ü\x03\x03\x1b©ï&õ\x17í\x06y\x00T¾ì4K\x9f¿ËªZN=D\x97È\x05Ã(Ö\x00ù\x88')
msal.oauth2cli.authcode: "������ü��ï&õ�í�yT¾ì4K¿ËªZN=DÈ�Ã(Öù rS·>à]k÷ÎG])¸0Ýþº»ëwÿ?GOA"ZZ��������À+À/À,À0̨̩À�À�/5��zz" 400 -
^Ccli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f10fb1b2cb0>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 29.988 seconds (init: 0.420, invoke: 29.568)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3383 in cache
telemetry.check: Returns Positive.
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/../../opt/az/bin/python3 /opt/az/lib/python3.10/site-packages/azure/cli/telemetry/init.py /home/ak12/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

[yonzhan]

@jiasli for awareness

[jiasli]

I guess your browser is showing ERR_SSL_PROTOCOL_ERROR:

In that case, please see #10426 (comment)