What specific syntax or commands need to be added to the sequence of Azure CLI commands below in order to remove the root cause of the AADSTS700082
error so that the commands can run without error?
And what is going on behind the scenes to cause this seemingly senseless error?
C:\path\to\dir>az login --service-principal -u long-alpha-numeric-id -p long-pass-word --tenant 88888888-4444-4444-4444-121212121212
[
{
"cloudName": "AzureCloud",
"homeTenantId": "88888888-4444-4444-4444-121212121212",
"id": "11111111-1111-1111-1111-111111111111",
"isDefault": true,
"managedByTenants": [],
"name": "SomeName",
"state": "Enabled",
"tenantId": "88888888-4444-4444-4444-121212121212",
"user": {
"name": "long-alpha-numeric-id",
"type": "servicePrincipal"
}
},
{
"cloudName": "AzureCloud",
"homeTenantId": "88888888-4444-4444-4444-121212121212",
"id": "22222222-2222-2222-2222-222222222222",
"isDefault": false,
"managedByTenants": [],
"name": "AnotherName",
"state": "Enabled",
"tenantId": "88888888-4444-4444-4444-121212121212",
"user": {
"name": "long-alpha-numeric-id",
"type": "servicePrincipal"
}
}
]
C:\path\to\dir>az account set --subscription 12345678-1234-1234-1234-123456789012
C:\path\to\dir>az group create --name myRG --location eastus
AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2023-05-04T21:19:28.1452801Z and was inactive for 90.00:00:00. Trace ID: 87654321-4321-4321-4321-210987654321 Correlation ID: 80808080-4040-4040-4040-121212121212 Timestamp: 2023-11-14 01:23:55Z
Interactive authentication is needed. Please run:
az login --scope https://management.core.windows.net//.default
The secret long-pass-word is valid and up to date for the service principal with ID long-alpha-numeric-id. I confirmed this in the Entra Directory in the Azure Portal.
The az login --service-principal -u long-alpha-numeric-id -p long-pass-word --tenant 88888888-4444-4444-4444-121212121212 command seems to run successfully, as you can see above.
The az account set --subscription 12345678-1234-1234-1234-123456789012 command also runs without error when a valid subscription ID is passed into it.
But the az group create --name myRG --location eastus command is throwing the AADSTS700082 error, as you can see if you scroll to the bottom of the output in the OP above.
What gives?
This needs to be run completely in automation, so we cannot try the Interactive authentication that is suggested in the error message.
AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2023-05-04T21:19:28.1452801Z and was inactive for 90.00:00:00. Trace ID: 87654321-4321-4321-4321-210987654321 Correlation ID: 80808080-4040-4040-4040-121212121212 Timestamp: 2023-11-14 01:23:55Z Interactive authentication is needed. Please run: az login --scope https://management.core.windows.net//.default
The error usually occurs if the refresh token has expired, and to resolve the error you need to re-run az login.
In your case, the error is due to the existing az session that needs to be logged out.
Hence, to resolve the error, execute az logout and then re-run the commands:
az logout
az login --service-principal -u ClientID -p ClientSecret --tenant TenantID
az account set --subscription SubscriptionID
az group create --name RukRG --location eastus
Resource group created successfully:
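The logout-then-login sequence from the answer, wrapped for unattended use, as an added example that is not part of the question or the answer above. It clears any cached session before the service-principal login, reads the credentials from environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID are assumed names, not from the page) instead of embedding the secret in the script, and goes one step beyond the answer by re-running the login once if AADSTS700082 still appears in the output.

```shell
#!/bin/sh
# Added example: non-interactive az wrapper that drops stale sessions and
# retries once on AADSTS700082. Environment variable names are assumptions.
set -eu

# Return 0 when captured az output contains the stale-refresh-token error.
is_stale_token_error() {
  printf '%s\n' "$1" | grep -q 'AADSTS700082'
}

# Pure decision helper: exit code, captured output and attempt number in,
# one of "ok", "retry" or "fail" out. Only one re-login is allowed so a
# broken credential cannot loop forever.
decide_next_step() {
  rc="$1"; output="$2"; attempt="$3"
  if [ "$rc" -eq 0 ]; then echo ok; return 0; fi
  if is_stale_token_error "$output" && [ "$attempt" -lt 2 ]; then
    echo retry; return 0
  fi
  echo fail
}

# Fresh service-principal session: logout first, as the answer advises.
sp_login() {
  az logout >/dev/null 2>&1 || true
  az login --service-principal -u "$AZURE_CLIENT_ID" \
    -p "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID" --output none
  az account set --subscription "$AZURE_SUBSCRIPTION_ID"
}

# Run "az <args>", re-logging in once if the refresh-token error shows up.
run_with_relogin() {
  attempt=1
  sp_login
  while :; do
    if out=$(az "$@" 2>&1); then rc=0; else rc=$?; fi
    case "$(decide_next_step "$rc" "$out" "$attempt")" in
      ok)    printf '%s\n' "$out"; return 0 ;;
      retry) attempt=$((attempt + 1)); sp_login ;;
      fail)  printf '%s\n' "$out" >&2; return "$rc" ;;
    esac
  done
}

# Usage in a pipeline step (not executed here):
#   run_with_relogin group create --name myRG --location eastus
```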