Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Token cache incompatibility with MSAL.python #279

Closed
bgavrilMS opened this issue Nov 20, 2020 · 3 comments · Fixed by #280
Closed

[Bug] Token cache incompatibility with MSAL.python #279

bgavrilMS opened this issue Nov 20, 2020 · 3 comments · Fixed by #280
Assignees
@rayluo
Labels
bug

Comments

@bgavrilMS
Copy link
Member

Which Version of MSAL are you using ?
4.21

Details in this PowerShell issue:
Azure/azure-powershell#13467

Repro

Start with PWSH, then use Az CLI, the go back to PWSH. For example:

  1. Use Windows (probably the same on Mac and Linux, but repro steps are on Win)
  2. Delete the token cache file (C:\Users<user>\AppData\Local.IdentityService\msal.cache)
  3. connect-azaccount (this is a PWSH command, so MSAL.NET)
  4. get-azsubscription (again PWSH command, so MSAL.NET)
  5. az group list (az cli command, so MSAL.PY)
  6. disconnect-azaccount (PWSH comand, so MSAL.NET)

Actual: serialization exception from MSAL.NET

Investigation

I have snapshots of the cache after step2, step3 and step4 and can provide them on request (will send them via email to you @rayluo ).

At step 3, the refresh token section looks like this:

 "RefreshToken": {
        "6eeda3a1-c3b9-4e92-a94d-965a50c06de7.72f988bf-86f1-41af-91ab-2d7cd011db47-login.windows.net-refreshtoken-1--": {
            "home_account_id": "6eeda3a1-c3b9-4e92-a94d-965a50c06de7.72f988bf-86f1-41af-91ab-2d7cd011db47",
            "environment": "login.windows.net",
            "client_info": "eyJ1aWQiOiI2ZWVkYTNhMS1jM2I5LTRlOTItYTk0ZC05NjVhNTBjMDZkZTciLCJ1dGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3In0",
            "client_id": "1950a258-227b-4e31-a9cf-717495945fc2",
            "secret": "secret",
            "credential_type": "RefreshToken",
            "family_id": "1"
        }
    },

At step4, it looks like this:

"RefreshToken": {
        "6eeda3a1-c3b9-4e92-a94d-965a50c06de7.72f988bf-86f1-41af-91ab-2d7cd011db47-login.windows.net-refreshtoken-1--": {
            "home_account_id": "6eeda3a1-c3b9-4e92-a94d-965a50c06de7.72f988bf-86f1-41af-91ab-2d7cd011db47",
            "environment": "login.windows.net",
            "client_info": "eyJ1aWQiOiI2ZWVkYTNhMS1jM2I5LTRlOTItYTk0ZC05NjVhNTBjMDZkZTciLCJ1dGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3In0",
            "client_id": "1950a258-227b-4e31-a9cf-717495945fc2",
            "secret": "secret",
            "credential_type": "RefreshToken",
            "family_id": "1"
        },
        "6eeda3a1-c3b9-4e92-a94d-965a50c06de7.72f988bf-86f1-41af-91ab-2d7cd011db47-login.windows.net-refreshtoken-1950a258-227b-4e31-a9cf-717495945fc2--": {
            "secret": "secret"
        }
    },

The second entry here in step 4 is invalid.

CC: @erich-wang
@bgavrilMS bgavrilMS self-assigned this Nov 20, 2020
@henrik-me
Copy link

@rayluo

@bgavrilMS
Copy link
Member Author

I made some progress on this. I am updating the bug repro steps.

@bgavrilMS bgavrilMS transferred this issue from AzureAD/microsoft-authentication-library-for-dotnet Nov 24, 2020
@henrik-me
Copy link

I consider an incompatibility bug like this P1. Thanks for investigating @bgavrilMS. @rayluo @navyasric this should be prioritized imo.

@rayluo rayluo transferred this issue from AzureAD/microsoft-authentication-extensions-for-python Nov 25, 2020
@rayluo rayluo assigned rayluo and unassigned bgavrilMS Nov 25, 2020
@rayluo rayluo mentioned this issue Nov 25, 2020
Merged
@rayluo rayluo mentioned this issue Dec 10, 2020
Merged
@jmprieur jmprieur added the bug label Apr 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rayluo rayluo

Labels
bug
Projects
MSAL Python Customer Trust
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Reuse old rt data even if its key is different AzureAD/microsoft-authentication-library-for-python
4 participants
@rayluo @bgavrilMS @jmprieur @henrik-me