Azure CLI command to resolve refresh token error
What specific syntax or commands need to be added to the sequence of Azure CLI commands below in order to remove the root cause of the AADSTS700082 error so that the commands can run without error?
And what is going on behind the scenes to cause this seemingly senseless error?
C:\path\to\dir>az login --service-principal -u long-alpha-numeric-id -p long-pass-word --tenant 88888888-4444-4444-4444-121212121212
[
{
"cloudName": "AzureCloud",
"homeTenantId": "88888888-4444-4444-4444-121212121212",
"id": "11111111-1111-1111-1111-111111111111",
"isDefault": true,
"managedByTenants": [],
"name": "SomeName",
"state": "Enabled",
"tenantId": "88888888-4444-4444-4444-121212121212",
"user": {
"name": "long-alpha-numeric-id",
"type": "servicePrincipal"
}
},
{
"cloudName": "AzureCloud",
"homeTenantId": "88888888-4444-4444-4444-121212121212",
"id": "22222222-2222-2222-2222-222222222222",
"isDefault": false,
"managedByTenants": [],
"name": "AnotherName",
"state": "Enabled",
"tenantId": "88888888-4444-4444-4444-121212121212",
"user": {
"name": "long-alpha-numeric-id",
"type": "servicePrincipal"
}
}
]
C:\path\to\dir>az account set --subscription 12345678-1234-1234-1234-123456789012
C:\path\to\dir>az group create --name myRG --location eastus
AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2023-05-04T21:19:28.1452801Z and was inactive for 90.00:00:00. Trace ID: 87654321-4321-4321-4321-210987654321 Correlation ID: 80808080-4040-4040-4040-121212121212 Timestamp: 2023-11-14 01:23:55Z
Interactive authentication is needed. Please run:
az login --scope https://management.core.windows.net//.default
The secret long-pass-word is valid and up to date for the service principal with ID long-alpha-numeric-id. I confirmed this in the Entra Directory in the Azure Portal.
The az login --service-principal -u long-alpha-numeric-id -p long-pass-word --tenant 88888888-4444-4444-4444-121212121212 command seems to run successfully, as you can see above.
The az account set --subscription 12345678-1234-1234-1234-123456789012 command also runs without error when a valid subscription ID is passed into it.
But the az group create --name myRG --location eastus command is throwing the AADSTS700082 error as you can see if you scroll to the bottom of the output in the OP above.
What gives?
This needs to be run completely in automation, so we cannot try the Interactive authentication that is suggested in the error message.
AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2023-05-04T21:19:28.1452801Z and was inactive for 90.00:00:00. Trace ID: 87654321-4321-4321-4321-210987654321 Correlation ID: 80808080-4040-4040-4040-121212121212 Timestamp: 2023-11-14 01:23:55Z Interactive authentication is needed. Please run: az login --scope https://management.core.windows.net//.default
The error usually occurs if the refresh token has been expired and to resolve the error, you need to re-run az login.
In your case, the error is due to the existing az session that needs to be logged out.
Hence to resolve the error, execute az logout and the re-run the commands:
az logout
az login --service-principal -u ClientID -p ClientSecret --tenant TenantID
az account set --subscription SubscriptionID
az group create --name RukRG --location eastus
Resource group created successfully:
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- Can the Azure Service Bus be delayed before retrying a message?
- azure documentdb create document duplicates Id property
- JWT validation failure error in azure apim
- Azure App Service and Application Insights where is performance test?
- Is it possible to have a non-interactive code that logs in to Azure and creates users in Microsoft Entra ID?
- Change Default Service Version of Microsoft Azure Blob - PHP
- Microsoft Graph: How to filter users by domain name
- Azure App Service Plan CPU Spikes to 100%
- Unable to Authenticate to DevOps API with Angual MSAL
- Azure Databricks: Not able to parameterize keys option of dlt.apply_changes
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Attaching a private static ip address to Azure Container Instance
- Azure Synapse severless SQL pool - query execution fails
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- Where can I find the resource id of an Azure function app in the Azure portal?
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Basic SQL commands in Terraform
- Linux Azure Webjob in nodejs referring to node.exe
- Running Azure functions locally gives "No runtime" error after .NET7 upgrade
- Azure DataSync tables not showing up
- Azure ML: Unable to find workspace
- unable to start 'Docker for windows' on Azure Win 10 VM
- How to enable virtualization in Azure VM
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- how to get v2 type token using msal python
- The mock in my pester test keeps calling Connect-AzAccount
- HttpResponseError in Azure Ai search