Skip to content

Clients using AzureCliCredential may send invalid access tokens #14345

New issue
New issue
Closed
Closed
Clients using AzureCliCredential may send invalid access tokens#14345
Assignees
chlowell
Labels
Azure.IdentityClientThis issue points to a problem in the data-plane of the library.
@chlowell

Description

@chlowell
chlowell
opened on Oct 7, 2020

AzureCliCredential invokes az get-access-token to acquire tokens. This command gives the token's expiry time in local time as produced by datetime.fromtimestamp (here), with no timezone information. Because AzureCliCredential uses a naive datetime to convert this string to epoch seconds, it can provide a token with an incorrect expires_on value, causing a client to send an expired access token.

Metadata

Metadata

Assignees

Labels

Azure.IdentityClientThis issue points to a problem in the data-plane of the library.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions