az webapp auth update: "Not compatible with auth settings 2.0", for newly created webapp #30322

filleokus · 2024-11-12T12:34:56Z

If I create a new webapp and try to enable authentication for the first time with az webapp auth update I get an error message:

Cannot use auth v2 commands when the app is using auth v1. Update the auth settings using the az webapp auth-classic command group

When looking at the debug output I see that the response to GET /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01 HTTP/1.1 is

{
    "id": "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authsettingsV2",
    "name": "authsettingsV2",
    "type": "Microsoft.Web/sites/config",
    "location": "West Europe",
    "properties": {
        "platform": {
            "enabled": false
        }
    }
}

In the is_app_new_to_auth check (which is used in update_auth_settings_v2_rest_call) it requires that properties is an empty object: json.dumps(existing_site_auth_settings_v2["properties"]) == "{}", which mine isn't (I have the platform object).

It could of course be something else that's wrong (or something on my side). But this worked in our pipeline just a few weeks ago and was broken today, and I can't figure out any changes on our side.

Thanks for any assistance

Steps to reproduce:

Create a new web app
Try to enable authentication

Full debug output

PS $LOCAL_PATH> az webapp create -g $rg -p $plan -n "debugapp" --runtime "NODE:20-lts"
# output redacted
PS $LOCAL_PATH> az webapp auth update --debug --name "debugapp" --resource-group $rg --enabled true --action RedirectToLoginPage --redirect-provider "azureactivedirectory"
cli.knack.cli: Command arguments: ['webapp', 'auth', 'update', '--debug', '--name', 'debugapp', '--resource-group', '$RG', '--enabled', 'true', '--action', 'RedirectToLoginPage', '--redirect-provider', 'azureactivedirectory']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000002230716F2E0>, <function OutputProducer.on_global_arguments at 0x000002230750C040>, <function CLIQuery.on_global_arguments at 0x0000022307531440>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'webapp': ['azure.cli.command_modules.appservice', 'azext_authV2', 'azure.cli.command_modules.serviceconnector']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: appservice                0.430        79       270
cli.azure.cli.core: serviceconnector          0.023        20       315
cli.azure.cli.core: Total (2)                 0.453        99       585
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: authV2                    0.004        11        24  C:\Users\$USER_ID\.azure\cliextensions\authV2
cli.azure.cli.core: Total (1)                 0.004        11        24
cli.azure.cli.core: Loaded 106 groups, 607 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : webapp auth update
cli.azure.cli.core: Command table: webapp auth update
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x00000223097E9940>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\$USER_ID\.azure\commands\2024-11-12.13-08-16.webapp_auth_update.39300.log'.
az_command_data_logger: command args: webapp auth update --debug --name {} --resource-group {} --enabled {} --action {} --redirect-provider {}
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x0000022309836F20>]
D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\paramiko/pkey.py:100: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\paramiko/transport.py:259: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x00000223098A9300>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x00000223098A9440>, <function register_upcoming_breaking_change_info.<locals>.update_breaking_change_info at 0x00000223098A94E0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000002230750C0E0>, <function CLIQuery.handle_query_parameter at 0x00000223075314E0>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x00000223098A93A0>]
az_command_data_logger: extension name: authV2
az_command_data_logger: extension version: 0.1.3
cli.azure.cli.core.commands: The behavior of this command has been altered by the following extension: authV2
cli.azure.cli.core.util: Found subscription ID $SUBSCRIPTION_ID in the URL https://management.azure.com//subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01
cli.azure.cli.core.util: Retrieving token for resource https://management.core.windows.net/, subscription $SUBSCRIPTION_ID
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\\Users\\$USER_ID\\.azure\\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\$USER_ID\.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/$ENTRA_ID
msal.authority: openid_config("https://login.microsoftonline.com/$ENTRA_ID/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/$ENTRA_ID/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/$ENTRA_ID/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 7d89ed14-6796-4d9b-b09c-a39597681347
cli.azure.cli.core.util: Request URL: 'https://management.azure.com//subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util:     'User-Agent': 'python/3.12.7 (Windows-11-10.0.22631-SP0) AZURECLI/2.66.0 (MSI)'
cli.azure.cli.core.util:     'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util:     'Accept': '*/*'
cli.azure.cli.core.util:     'Connection': 'keep-alive'
cli.azure.cli.core.util:     'x-ms-client-request-id': '652c14c4-97bb-4c46-be39-6e659d63ad8d'
cli.azure.cli.core.util:     'CommandName': 'webapp auth update'
cli.azure.cli.core.util:     'ParameterSetName': '--debug --name --resource-group --enabled --action --redirect-provider'
cli.azure.cli.core.util:     'Authorization': 'Bearer REDACTED...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01 HTTP/1.1" 200 306
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util:     'Cache-Control': 'no-cache'
cli.azure.cli.core.util:     'Pragma': 'no-cache'
cli.azure.cli.core.util:     'Content-Length': '306'
cli.azure.cli.core.util:     'Content-Type': 'application/json'
cli.azure.cli.core.util:     'Expires': '-1'
cli.azure.cli.core.util:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.util:     'x-ms-request-id': '71be13a8-91f2-4a31-aeac-9b35f6caceb8'
cli.azure.cli.core.util:     'X-AspNet-Version': '4.0.30319'
cli.azure.cli.core.util:     'X-Powered-By': 'ASP.NET'
cli.azure.cli.core.util:     'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.util:     'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.util:     'x-ms-correlation-request-id': '1da1102b-f490-4a1d-8439-ac5e134bb7e8'
cli.azure.cli.core.util:     'x-ms-routing-request-id': 'SWEDENCENTRAL:20241112T120817Z:1da1102b-f490-4a1d-8439-ac5e134bb7e8'
cli.azure.cli.core.util:     'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.util:     'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.util:     'X-MSEdge-Ref': 'Ref A: 6C441BE4002D4B6D90B321302CA8D5AF Ref B: VIEEDGE1119 Ref C: 2024-11-12T12:08:16Z'
cli.azure.cli.core.util:     'Date': 'Tue, 12 Nov 2024 12:08:16 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"id":"/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West Europe","properties":{"platform":{"enabled":false}}}
cli.azure.cli.core.util: Found subscription ID $SUBSCRIPTION_ID in the URL https://management.azure.com//subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettings/list?api-version=2020-12-01
cli.azure.cli.core.util: Retrieving token for resource https://management.core.windows.net/, subscription $SUBSCRIPTION_ID
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/$ENTRA_ID
msal.authority: openid_config("https://login.microsoftonline.com/$ENTRA_ID/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/$ENTRA_ID/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/$ENTRA_ID/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 4c85ec26-2485-4550-b5b2-058cda298aa1
cli.azure.cli.core.util: Request URL: 'https://management.azure.com//subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettings/list?api-version=2020-12-01'
cli.azure.cli.core.util: Request method: 'POST'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util:     'User-Agent': 'python/3.12.7 (Windows-11-10.0.22631-SP0) AZURECLI/2.66.0 (MSI)'
cli.azure.cli.core.util:     'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util:     'Accept': '*/*'
cli.azure.cli.core.util:     'Connection': 'keep-alive'
cli.azure.cli.core.util:     'x-ms-client-request-id': '24801c16-61ef-4a42-84ed-78296edcbb42'
cli.azure.cli.core.util:     'CommandName': 'webapp auth update'
cli.azure.cli.core.util:     'ParameterSetName': '--debug --name --resource-group --enabled --action --redirect-provider'
cli.azure.cli.core.util:     'Authorization': 'Bearer REDACTED...'
cli.azure.cli.core.util:     'Content-Length': '0'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "POST /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettings/list?api-version=2020-12-01 HTTP/1.1" 200 1236
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util:     'Cache-Control': 'no-cache'
cli.azure.cli.core.util:     'Pragma': 'no-cache'
cli.azure.cli.core.util:     'Content-Length': '1236'
cli.azure.cli.core.util:     'Content-Type': 'application/json'
cli.azure.cli.core.util:     'Expires': '-1'
cli.azure.cli.core.util:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.util:     'x-ms-request-id': '1a794980-7889-48fc-8da6-25317dc590fe'
cli.azure.cli.core.util:     'X-AspNet-Version': '4.0.30319'
cli.azure.cli.core.util:     'X-Powered-By': 'ASP.NET'
cli.azure.cli.core.util:     'x-ms-ratelimit-remaining-subscription-resource-requests': '11999'
cli.azure.cli.core.util:     'x-ms-correlation-request-id': '38cceda3-425a-4403-a34d-63a9d867f77a'
cli.azure.cli.core.util:     'x-ms-routing-request-id': 'SWEDENSOUTH:20241112T120817Z:38cceda3-425a-4403-a34d-63a9d867f77a'
cli.azure.cli.core.util:     'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.util:     'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.util:     'X-MSEdge-Ref': 'Ref A: BA97F7C9CCBA43B999A7D769DEC8AA18 Ref B: VIEEDGE1516 Ref C: 2024-11-12T12:08:17Z'
cli.azure.cli.core.util:     'Date': 'Tue, 12 Nov 2024 12:08:16 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"id":"/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authsettings","name":"authsettings","type":"Microsoft.Web/sites/config","location":"West Europe","properties":{"enabled":false,"unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null,"configVersion":"v1"}}
cli.azure.cli.core.util: Found subscription ID $SUBSCRIPTION_ID in the URL https://management.azure.com//subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01
cli.azure.cli.core.util: Retrieving token for resource https://management.core.windows.net/, subscription $SUBSCRIPTION_ID
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/$ENTRA_ID
msal.authority: openid_config("https://login.microsoftonline.com/$ENTRA_ID/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/$ENTRA_ID/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/$ENTRA_ID/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/$ENTRA_ID/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 0d8d1e64-de6c-42a1-b7f2-4a66fb05aa40
cli.azure.cli.core.util: Request URL: 'https://management.azure.com//subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01'
cli.azure.cli.core.util: Request method: 'GET'
cli.azure.cli.core.util: Request headers:
cli.azure.cli.core.util:     'User-Agent': 'python/3.12.7 (Windows-11-10.0.22631-SP0) AZURECLI/2.66.0 (MSI)'
cli.azure.cli.core.util:     'Accept-Encoding': 'gzip, deflate'
cli.azure.cli.core.util:     'Accept': '*/*'
cli.azure.cli.core.util:     'Connection': 'keep-alive'
cli.azure.cli.core.util:     'x-ms-client-request-id': '6942be61-b334-45ed-be88-8803c31ab346'
cli.azure.cli.core.util:     'CommandName': 'webapp auth update'
cli.azure.cli.core.util:     'ParameterSetName': '--debug --name --resource-group --enabled --action --redirect-provider'
cli.azure.cli.core.util:     'Authorization': 'Bearer REDACTED...'
cli.azure.cli.core.util: Request body:
cli.azure.cli.core.util: None
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authSettingsV2/list?api-version=2020-12-01 HTTP/1.1" 200 306
cli.azure.cli.core.util: Response status: 200
cli.azure.cli.core.util: Response headers:
cli.azure.cli.core.util:     'Cache-Control': 'no-cache'
cli.azure.cli.core.util:     'Pragma': 'no-cache'
cli.azure.cli.core.util:     'Content-Length': '306'
cli.azure.cli.core.util:     'Content-Type': 'application/json'
cli.azure.cli.core.util:     'Expires': '-1'
cli.azure.cli.core.util:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.util:     'x-ms-request-id': 'bc67a6d6-d8bd-49bf-8b58-f96cc275b398'
cli.azure.cli.core.util:     'X-AspNet-Version': '4.0.30319'
cli.azure.cli.core.util:     'X-Powered-By': 'ASP.NET'
cli.azure.cli.core.util:     'x-ms-ratelimit-remaining-subscription-reads': '249'
cli.azure.cli.core.util:     'x-ms-ratelimit-remaining-subscription-global-reads': '3749'
cli.azure.cli.core.util:     'x-ms-correlation-request-id': '576c9e69-7b01-49e6-9287-713c3a2ccd89'
cli.azure.cli.core.util:     'x-ms-routing-request-id': 'SWEDENSOUTH:20241112T120818Z:576c9e69-7b01-49e6-9287-713c3a2ccd89'
cli.azure.cli.core.util:     'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.util:     'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.util:     'X-MSEdge-Ref': 'Ref A: 05398423254C4771A8B67020EEF3F0CE Ref B: VIEEDGE1506 Ref C: 2024-11-12T12:08:17Z'
cli.azure.cli.core.util:     'Date': 'Tue, 12 Nov 2024 12:08:17 GMT'
cli.azure.cli.core.util: Response content:
cli.azure.cli.core.util: {"id":"/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Web/sites/debugapp/config/authsettingsV2","name":"authsettingsV2","type":"Microsoft.Web/sites/config","location":"West Europe","properties":{"platform":{"enabled":false}}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 666, in execute
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 733, in _run_jobs_serially
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 703, in _run_job
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 336, in __call__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
  File "C:\Users\$USER_ID\.azure\cliextensions\authV2\azext_authV2\custom.py", line 170, in update_auth_settings_v2
    return update_auth_settings_v2_rest_call(cmd, resource_group_name, name, json_object, slot)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\$USER_ID\.azure\cliextensions\authV2\azext_authV2\custom.py", line 66, in update_auth_settings_v2_rest_call
    raise CLIError(msg)
knack.util.CLIError: Usage Error: Cannot use auth v2 commands when the app is using auth v1. Update the auth settings using the az webapp auth-classic command group.

cli.azure.cli.core.azclierror: Usage Error: Cannot use auth v2 commands when the app is using auth v1. Update the auth settings using the az webapp auth-classic command group.
az_command_data_logger: Usage Error: Cannot use auth v2 commands when the app is using auth v1. Update the auth settings using the az webapp auth-classic command group.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x00000223097E9BC0>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 3.146 seconds (init: 0.365, invoke: 2.781)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4003 in cache file under C:\Users\$USER_ID\.azure\telemetry\20241112130818901
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry\__init__.pyc C:\Users\$USER_ID\.azure C:\Users\$USER_ID\.azure\telemetry\20241112130818901"
telemetry.process: Return from creating process 38784
telemetry.main: Finish creating telemetry upload process.

The text was updated successfully, but these errors were encountered:

yonzhan · 2024-11-12T12:35:08Z

Thank you for opening this issue, we will look into it.

github-actions · 2024-11-12T12:35:53Z

Here are some similar issues that might help you. Please check if they can solve your problem.

WebApp:az webapp auth update not compatible with Auth settings 2.0 #17837

filleokus · 2024-11-12T12:58:48Z

Or ah... az webapp auth config-version show --name "debugapp" --resource-group $rg shows:

{
  "configVersion": "v1"
}

If I then upgrade by az webapp auth config-version upgrade --name "debugapp" --resource-group $rg, the original command works. Maybe something has changed on our side after all.

But feels strange to require updating non-existent settings for a brand new app. Is v2 not the default? 🙂

microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Nov 12, 2024

microsoft-github-policy-service bot added Web Apps az webapp Service Attention This issue is responsible by Azure service team. Auto-Assign Auto assign by bot app-service-authentication labels Nov 12, 2024

microsoft-github-policy-service bot assigned Hamster-Huey Nov 12, 2024

microsoft-github-policy-service bot added the app-service-general label Nov 12, 2024

microsoft-github-policy-service bot assigned seligj95 Nov 12, 2024

github-actions bot added the Similar-Issue label Nov 12, 2024

seligj95 removed the app-service-general label Nov 12, 2024

seligj95 removed their assignment Nov 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

az webapp auth update: "Not compatible with auth settings 2.0", for newly created webapp #30322

az webapp auth update: "Not compatible with auth settings 2.0", for newly created webapp #30322

filleokus commented Nov 12, 2024

yonzhan commented Nov 12, 2024

github-actions bot commented Nov 12, 2024

filleokus commented Nov 12, 2024

az webapp auth update: "Not compatible with auth settings 2.0", for newly created webapp #30322

az webapp auth update: "Not compatible with auth settings 2.0", for newly created webapp #30322

Comments

filleokus commented Nov 12, 2024

yonzhan commented Nov 12, 2024

github-actions bot commented Nov 12, 2024

filleokus commented Nov 12, 2024