Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't do az login: RuntimeError: 0. The ID token is not yet valid. #20388

Closed
carlos-garcia-flw opened this issue Nov 17, 2021 · 12 comments
Closed

Can't do az login: RuntimeError: 0. The ID token is not yet valid. #20388

carlos-garcia-flw opened this issue Nov 17, 2021 · 12 comments
Assignees
@jiasli
Labels
Account az login/account common issue customer-reported Issues that are reported by GitHub users external to the Azure organization. MSAL
Milestone
Backlog

Comments

@carlos-garcia-flw
Copy link

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az login

Errors:

The command failed with an unexpected error. Here is the traceback:
0. The ID token is not yet valid. Current epoch = 1637158952.  The id_token was: {
  "aud": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
  "iss": "https://login.microsoftonline.com/e1b4ceea-1305-421c-9ea8-f724a6a835d7/v2.0",
  "iat": 1637159134,
  "nbf": 1637159134,
  "exp": 1637163034,
  "aio": "AVQAq/8TAAAAaKquAsSjlP+y4x0LEAR4fCQ5S1UqNp/BIYiYBn8EQ+gcjDGt8TVhQYyQbJZg6wbszWN+ha06Su0WS8jTwaqsCilJDyvI69ZOy2xJysxOYas=",
  "name": "Carlos Garc\u00eda Aparicio",
  "oid": "43fa9432-6f2c-4298-8219-1305c911c7f0",
  "preferred_username": "[email protected]",
  "puid": "10033FFFACF6551C",
  "rh": "0.ASEA6s604QUTHEKeqPckpqg115V3sATbjRpGu-4C-eG_e0YhAD4.",
  "sub": "hOHnYP1huZEUv2McMHm8f177Q_hG_UgXY8tLy5dAqLE",
  "tid": "e1b4ceea-1305-421c-9ea8-f724a6a835d7",
  "uti": "etstUW59LkaBvLDfDRwgAA",
  "ver": "2.0"
}
Traceback (most recent call last):
  File "/usr/lib64/az/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 657, in execute
    raise ex
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 720, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 691, in _run_job
    result = cmd_copy(params)
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__
    return self.handler(*args, **kwargs)
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
    return op(**command_args)
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 154, in login
    use_cert_sn_issuer=use_cert_sn_issuer)
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 153, in login
    user_identity = identity.login_with_device_code(scopes=scopes, **kwargs)
  File "/usr/lib64/az/lib/python3.6/site-packages/azure/cli/core/auth/identity.py", line 132, in login_with_device_code
    result = self.msal_app.acquire_token_by_device_flow(flow, **kwargs)  # By default it will block
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/application.py", line 1561, in acquire_token_by_device_flow
    **kwargs))
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/oauth2cli/oauth2.py", line 384, in obtain_token_by_device_flow
    result = self._obtain_token_by_device_flow(flow, **kwargs)
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/oauth2cli/oauth2.py", line 347, in _obtain_token_by_device_flow
    self.DEVICE_FLOW["GRANT_TYPE"], data=data, **kwargs)
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/oauth2cli/oidc.py", line 115, in _obtain_token
    ret = super(Client, self)._obtain_token(grant_type, *args, **kwargs)
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/oauth2cli/oauth2.py", line 777, in _obtain_token
    "response": _resp, "params": params, "data": _data,
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/application.py", line 524, in <lambda>
    event, environment=authority.instance)),
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/token_cache.py", line 307, in add
    super(SerializableTokenCache, self).add(event, **kwargs)
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/token_cache.py", line 113, in add
    return self.__add(event, now=now)
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/token_cache.py", line 153, in __add
    if id_token else {})
  File "/usr/lib64/az/lib/python3.6/site-packages/msal/oauth2cli/oidc.py", line 77, in decode_id_token
    err, _now, json.dumps(decoded, indent=2)))
RuntimeError: 0. The ID token is not yet valid. Current epoch = 1637158952.  The id_token was: {
  "aud": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
  "iss": "https://login.microsoftonline.com/e1b4ceea-1305-421c-9ea8-f724a6a835d7/v2.0",
  "iat": 1637159134,
  "nbf": 1637159134,
  "exp": 1637163034,
  "aio": "AVQAq/8TAAAAaKquAsSjlP+y4x0LEAR4fCQ5S1UqNp/BIYiYBn8EQ+gcjDGt8TVhQYyQbJZg6wbszWN+ha06Su0WS8jTwaqsCilJDyvI69ZOy2xJysxOYas=",
  "name": "Carlos Garc\u00eda Aparicio",
  "oid": "43fa9432-6f2c-4298-8219-1305c911c7f0",
  "preferred_username": "[email protected]",
  "puid": "10033FFFACF6551C",
  "rh": "0.ASEA6s604QUTHEKeqPckpqg115V3sATbjRpGu-4C-eG_e0YhAD4.",
  "sub": "hOHnYP1huZEUv2McMHm8f177Q_hG_UgXY8tLy5dAqLE",
  "tid": "e1b4ceea-1305-421c-9ea8-f724a6a835d7",
  "uti": "etstUW59LkaBvLDfDRwgAA",
  "ver": "2.0"
}

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Put any pre-requisite steps here...
  • az login

Expected Behavior

Environment Summary

Linux-5.5.1-1.el7.elrepo.x86_64-x86_64-with-centos-7.9.2009-Core, CentOS Linux 7 (Core)
Python 3.6.8
Installer: RPM

azure-cli 2.30.0

Extensions:
ssh 0.1.8

Additional Context
@ghost ghost added needs-triage This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Nov 17, 2021
@yonzhan yonzhan added Account az login/account and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Nov 17, 2021
@yonzhan yonzhan added this to the Backlog milestone Nov 17, 2021
@yonzhan
Copy link
Collaborator

yonzhan commented Nov 17, 2021
edited
Loading

This is the parent issue of 'The ID token is not yet valid'

@jiasli
Copy link
Member

jiasli commented Nov 18, 2021

Could you check #20158 (comment)?

@jiasli jiasli added the MSAL label Nov 18, 2021
@jiasli jiasli changed the title Can't do az login 🤷🏻‍♂️ Can't do az login: The ID token is not yet valid Nov 18, 2021
@jiasli jiasli mentioned this issue Nov 19, 2021
Closed
@jiasli jiasli closed this as completed Nov 22, 2021
@jiasli
Copy link
Member

jiasli commented Dec 7, 2021
edited
Loading

Symptom

The ID token is not yet valid. Current epoch = 1637158952.

Root cause

This issue is because the time on the computer is not correct. MSAL checks nbf and thinks the ID token is not yet valid.

Solution

Please make sure your computer's time is configured correctly.

MSAL is refining the error message in AzureAD/microsoft-authentication-library-for-python#449.

This was referenced Dec 7, 2021
Closed
Closed
@jiasli jiasli removed this from the Backlog milestone Dec 13, 2021
This was referenced Dec 21, 2021
Closed
Closed
Closed
Closed
@jiasli jiasli changed the title Can't do az login: The ID token is not yet valid Can't do az login: RuntimeError: 0. The ID token is not yet valid. Dec 23, 2021
@yonzhan yonzhan added this to the Backlog milestone Dec 23, 2021
This was referenced Dec 24, 2021
Closed
Closed
Closed
This was referenced Jan 4, 2022
Closed
Closed
@yonzhan yonzhan mentioned this issue Jul 18, 2022
Closed
@bebound bebound mentioned this issue Jul 22, 2022
Closed
@jiasli jiasli mentioned this issue Jul 25, 2022
Closed
@yonzhan yonzhan mentioned this issue Aug 11, 2022
Closed
@yonzhan yonzhan mentioned this issue Aug 18, 2022
Closed
@yonzhan yonzhan mentioned this issue Sep 2, 2022
Closed
This was referenced Oct 6, 2022
Closed
Closed
@andrew-lee-1089
Copy link

Just as an FYI for anyone else who hits this on WSL

There is an open WSL bug (microsoft/WSL#8204) where WSL2 date is set incorrectly after waking from sleep which seems to be causing this alot at the moment.

@yonzhan yonzhan mentioned this issue Oct 27, 2022
Closed
@navba-MSFT navba-MSFT mentioned this issue Nov 17, 2022
Closed
This was referenced Nov 30, 2022
Closed
Closed
@yonzhan yonzhan mentioned this issue Dec 13, 2022
Closed
This was referenced Jan 4, 2023
Closed
Closed
@yonzhan yonzhan mentioned this issue Jan 18, 2023
Closed
@yonzhan yonzhan mentioned this issue Feb 1, 2023
Closed
@yonzhan yonzhan mentioned this issue Mar 11, 2023
Closed
@yonzhan yonzhan mentioned this issue Mar 21, 2023
Closed
@bootsie123 bootsie123 mentioned this issue May 16, 2023
Closed
@azure-client-tools-bot-prd azure-client-tools-bot-prd bot mentioned this issue Jun 6, 2023
Closed
@yonzhan yonzhan mentioned this issue Jun 22, 2023
Open
@ethanabrooks
Copy link

@jiasli , yes, I am on a MSFT device, but still can set my time manually. Even when I had that authentication problem, the time seemed off by less than a second at most, and the timezone was set correctly. On the same machine, I was able to authenticate successfully 4 hours earlier.
The only thing I could think of: My authentication request came from within WSL, and I seem to recall that there had been issues with WSL and how its clock can be off after sleep.
This morning, I had the same issue, so I ran sudo hwclock -s in WSL, and the problem disappeared.

This worked this morning. Now the error appears even after running sudo hwclock -s.

@HanfiroBoy
Copy link

@jiasli , yes, I am on a MSFT device, but still can set my time manually. Even when I had that authentication problem, the time seemed off by less than a second at most, and the timezone was set correctly. On the same machine, I was able to authenticate successfully 4 hours earlier. The only thing I could think of: My authentication request came from within WSL, and I seem to recall that there had been issues with WSL and how its clock can be off after sleep. This morning, I had the same issue, so I ran sudo hwclock -s in WSL, and the problem disappeared.

This worked perfectly! Thank you :)

@MoChilia MoChilia mentioned this issue Jul 17, 2023
Closed
@cforce
Copy link

cforce commented Oct 15, 2023

This is the solving workaround microsoft/WSL#8204 (comment)

Open
@jiasli jiasli mentioned this issue Feb 29, 2024
Merged
@jiasli jiasli mentioned this issue Mar 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
Account az login/account common issue customer-reported Issues that are reported by GitHub users external to the Azure organization. MSAL
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
10 participants
@cforce @jiasli @ant0nsc @john3939 @ethanabrooks @carlos-garcia-flw @andrew-lee-1089 @HanfiroBoy @yonzhan @shekhag