Clients using AzureCliCredential may send invalid access tokens #14345

Closed
chlowell opened this issue Oct 7, 2020 · 1 comment
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.

chlowell commented Oct 7, 2020

AzureCliCredential invokes az get-access-token to acquire tokens. This command gives the token's expiry time in local time as produced by datetime.fromtimestamp (here), with no timezone information. Because AzureCliCredential uses a naive datetime to convert this string to epoch seconds, it can provide a token with an incorrect expires_on value, causing a client to send an expired access token.

chlowell added the Client and Azure.Identity labels Oct 7, 2020
chlowell self-assigned this Oct 7, 2020
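
The failure described in the report above, as an added example that is not part of the original issue and is not azure-identity's or the Azure CLI's code: it shows how reading a local wall-clock expiry string as if it were UTC shifts `expires_on` by the producer's UTC offset. All function names are hypothetical, the format string is an assumed layout for the expiry string, the timestamps are constructed, and fixed offsets stand in for the machine's local timezone so the result is reproducible.

```python
from datetime import datetime, timedelta, timezone

CLI_FORMAT = "%Y-%m-%d %H:%M:%S.%f"  # assumed layout of the CLI's expiry string
NAIVE_EPOCH = datetime(1970, 1, 1)   # naive, implicitly UTC


def cli_expiry_string(expires_at, cli_tz):
    """Simulate the CLI side: local wall-clock time with the offset dropped."""
    local = datetime.fromtimestamp(expires_at, cli_tz)
    return local.replace(tzinfo=None).strftime(CLI_FORMAT)


def naive_expires_on(text):
    """Flawed conversion: reads the local wall-clock string as if it were UTC."""
    return int((datetime.strptime(text, CLI_FORMAT) - NAIVE_EPOCH).total_seconds())


def aware_expires_on(text, cli_tz):
    """Corrected conversion: restore the producer's offset before converting."""
    return int(datetime.strptime(text, CLI_FORMAT).replace(tzinfo=cli_tz).timestamp())


def looks_valid(expires_on, now):
    """Simplified cache check: reuse the token while expires_on is in the future."""
    return expires_on > now


def compare(expires_at, now, utc_offset_hours):
    """Return (skew in seconds, naive verdict, aware verdict) for one offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    text = cli_expiry_string(expires_at, tz)
    naive = naive_expires_on(text)
    aware = aware_expires_on(text, tz)
    return naive - expires_at, looks_valid(naive, now), looks_valid(aware, now)


if __name__ == "__main__":
    EXPIRES_AT = 1602072000      # constructed: 2020-10-07 12:00:00 UTC
    NOW = EXPIRES_AT + 3600      # one hour after the token really expired
    for offset in (2, 0, -7):
        skew, naive_ok, aware_ok = compare(EXPIRES_AT, NOW, offset)
        print(f"UTC{offset:+d}: skew={skew:+d}s naive_valid={naive_ok} aware_valid={aware_ok}")
```

East of UTC the naive value lands in the future, so an already expired token still passes the cache check; west of UTC it lands in the past and a still-valid token is discarded early.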
chlowell commented Oct 8, 2020

This is fixed in azure-identity 1.4.1 and 1.5.0b2.

chlowell closed this as completed Oct 8, 2020
github-actions bot locked and limited conversation to collaborators Apr 12, 2023