I'm using the azure python sdk to programmatically connect to azure services via linux.

I can login successfully via az('login')

login found

However, when I try to create credentials and get a token, I get an error that my grant is expired:

creds = DefaultAzureCredential()
token = creds.get_token('https://database.windows.net/.default')

VisuaLStudioCodeCredential.get_token failed: Azure Active Directory error ' (invalid_grant) AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2021-11-04T15:21:38,19517642' and the TokensValidFrom date (before which tokens are not valid) for this user is '2022-01-0819:52:17.0000000z'

How do I refresh this? I tried using az('account clear'), then az('login') but I get the same result. Is there a method specific for DefaultAzureCredential to get a refreshed token?

CodePudding user response：

DefaultAzureCredential class tries to acquire a token using multiple methods in a particular order and VS Code logged in user has a higher precedence than Azure CLI logged in user.

When you use az login, you are logging in using Azure CLI and it seems you are already logged in into VS Code using some other credentials which does not have proper permissions and this is why you are getting this error.

To fix this issue, you can exclude VS Code credentials to be considered by setting exclude_visual_studio_code_credential to true. So your code would be something like:

creds = DefaultAzureCredential(exclude_visual_studio_code_credential=true)

That way DefaultAzureCredential will not take your VS Code credentials to acquire the token.