azurerm_azuread_application - incorrect bearer token being used

[hbuckle]

When using the new azurerm_azuread_application resource with Azure CLI authentication it intermittently fails with the following error

azurerm_azuread_application.azuread_application: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authentication_MissingOrMalformed","date":"2018-07-12T14:52:03","message":{"lang":"en","value":"Access Token missing or malformed."},"requestId":"7e268721-aa67-42da-97ef-43fb81a2b68e","values":null}}]

On inspecting the logs the bearer token being sent is for management.core.windows.net rather than graph.windows.net.

{
  "aud": "https://management.core.windows.net/",
  "iss": "https://sts.windows.net/xxx/",
  "iat": 1531404067,
  "nbf": 1531404067,
  "exp": 1531407967,
  "acr": "1",
...
}

The accessToken.json file contains several token entries so it appears the wrong one is being used.

[tombuildsstuff]

I believe this'll be fixed by #1544

[tombuildsstuff]

Fixed via #1544

[tombuildsstuff]

hi @hbuckle

Just to let you know that is now available in [v1.10 of the AzureRM Provider(https://github.com/terraform-providers/terraform-provider-azurerm/blob/v1.10.0/CHANGELOG.md#1100-july-21-2018) - which you can update to this version by specifying it in the Provider block, like so:

provider "azurerm" {
  version = "=1.10.0"
}

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!