Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not working for user assigned MSI apptype #1496

Open
arshad98786 opened this issue Dec 24, 2024 · 3 comments
Open

Not working for user assigned MSI apptype #1496

arshad98786 opened this issue Dec 24, 2024 · 3 comments
Assignees
@Meghana-MSFT
Labels
needs-triage 🔍

Comments

@arshad98786
Copy link

Hi Team,

I’m trying to send a request using Python without providing an app password, as the authentication method is set to User Assigned Managed Identity (userAssignedMSI). However, the Python code sample provided still expects an app password, which should not be required for this authentication type.

Could you please help me resolve this issue at the earliest?

Thanks and Regards,
Arshad Ali S. K.
@Prasad-MSFT
Copy link
Collaborator

To authenticate using a User Assigned Managed Identity (userAssignedMSI) in Azure without providing an app password, you can use the azure-identity library in Python. This library allows you to authenticate using managed identities, which is a secure way to access Azure resources without needing to manage credentials.
https://learn.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python#managed-identity-support

Also refer: https://learn.microsoft.com/en-us/entra/msal/python/advanced/managed-identity

@MKP-Sonata
Copy link

Hi @Prasad-MSFT ,

We tried the recommended solution but we are getting the same error we faced before.
I am pasting the error message below

2024-12-30T08:21:06.4125202Z ERROR:root:Error processing message: Failed to get access token with error: invalid_client, error_description: AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials' grant type. Trace ID: 8e5710cf-fb1c-4b48-bfae-8675d6c35100 Correlation ID: 4e744cf8-adc7-49fb-bb94-4b5fb4451f7a Timestamp: 2024-12-30 08:21:06Z 2024-12-30T08:21:06.4125847Z Traceback (most recent call last): 2024-12-30T08:21:06.4125885Z File "/tmp/8dd26616c5a756c/bots/teams_conversation_bot.py", line 58, in on_message_activity 2024-12-30T08:21:06.4125907Z await turn_context.send_activity(response) 2024-12-30T08:21:06.4125931Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botbuilder/core/turn_context.py", line 174, in send_activity 2024-12-30T08:21:06.4125953Z result = await self.send_activities([activity_or_text]) 2024-12-30T08:21:06.4125974Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126001Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botbuilder/core/turn_context.py", line 226, in send_activities 2024-12-30T08:21:06.4126069Z return await self._emit(self._on_send_activities, output, logic()) 2024-12-30T08:21:06.4126107Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126131Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botbuilder/core/turn_context.py", line 304, in _emit 2024-12-30T08:21:06.4126155Z return await logic 2024-12-30T08:21:06.4126176Z ^^^^^^^^^^^ 2024-12-30T08:21:06.4126199Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botbuilder/core/turn_context.py", line 221, in logic 2024-12-30T08:21:06.4126224Z responses = await self.adapter.send_activities(self, output) 2024-12-30T08:21:06.4126249Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126274Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botbuilder/core/bot_framework_adapter.py", line 728, in send_activities 2024-12-30T08:21:06.4126295Z raise error 2024-12-30T08:21:06.4126330Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botbuilder/core/bot_framework_adapter.py", line 718, in send_activities 2024-12-30T08:21:06.4126353Z response = await client.conversations.send_to_conversation( 2024-12-30T08:21:06.4126376Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126404Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botframework/connector/aio/operations_async/_conversations_operations_async.py", line 255, in send_to_conversation 2024-12-30T08:21:06.4126427Z response = await self._client.async_send( 2024-12-30T08:21:06.4126453Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126478Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/msrest/async_client.py", line 115, in async_send 2024-12-30T08:21:06.4126500Z pipeline_response = await self.config.pipeline.run(request, **kwargs) 2024-12-30T08:21:06.4126522Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126552Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/msrest/pipeline/async_abc.py", line 159, in run 2024-12-30T08:21:06.4126575Z return await first_node.send(pipeline_request, **kwargs) # type: ignore 2024-12-30T08:21:06.4126595Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126621Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/msrest/pipeline/async_abc.py", line 79, in send 2024-12-30T08:21:06.4126646Z response = await self.next.send(request, **kwargs) # type: ignore 2024-12-30T08:21:06.4126670Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126695Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/msrest/pipeline/async_requests.py", line 99, in send 2024-12-30T08:21:06.4126718Z self._creds.signed_session(session)2024-12-30T08:21:06.4126756Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botframework/connector/auth/app_credentials.py", line 92, in signed_session 2024-12-30T08:21:06.4126781Z auth_token = self.get_access_token() 2024-12-30T08:21:06.4126804Z ^^^^^^^^^^^^^^^^^^^^^^^ 2024-12-30T08:21:06.4126830Z File "/tmp/8dd26616c5a756c/antenv/lib/python3.12/site-packages/botframework/connector/auth/microsoft_app_credentials.py", line 63, in get_access_token 2024-12-30T08:21:06.4126856Z raise PermissionError( 2024-12-30T08:21:06.4126894Z PermissionError: Failed to get access token with error: invalid_client, error_description: AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials' grant type. Trace ID: 8e5710cf-fb1c-4b48-bfae-8675d6c35100 Correlation ID: 4e744cf8-adc7-49fb-bb94-4b5fb4451f7a Timestamp: 2024-12-30 08:21:06Z 2024-12-30T08:21:06.5315722Z ERROR:root:Error processing activity: Failed to get access token with error: invalid_client, error_description: AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials' grant type. Trace ID: 1fb0582e-fc6d-4351-ae91-a8aab6d17000 Correlation ID: 0950f1a0-e218-4ba2-8518-f632037d4937 Timestamp: 2024-12-30 08:21:06Z

The above error is occurring for the below line of code.
await turn_context.send_activity("This is a hardcoded reply")

Could you please help out with this error we are facing.
Thank You.

@Prasad-MSFT
Copy link
Collaborator

@MKP-Sonata, we will check this with engineering team internally and will get back to you once we have any update to share. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Meghana-MSFT Meghana-MSFT

Labels
needs-triage 🔍
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Prasad-MSFT @Meghana-MSFT @arshad98786 @MKP-Sonata