Az Login --Service-Principal Broken Auth

[WilliamDShiell]

Describe the bug

Attempting to Authenticate into Azure from CLI using the following command:
az login --service-principal --username "INSERT APP ID" --password "INSERT SECRET" --tenant "INSERT TENANT ID"

Receiving the following error message back:
powershell.exe : ERROR: AADSTS700016: Application with identifier 'INSERT APP ID' was not found in the directory 'Microsoft Services'. This can happen if the
application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Can confirm App Id, Tenant Id and Secret are correct as attempting Authentication with the equivalent PowerShell Command works as expected

Related command

az login --service-principal --username "INSERT APP ID" --password "INSERT SECRET" --tenant "INSERT TENANT ID"

Errors

powershell.exe : ERROR: AADSTS700016: Application with identifier 'INSERT APP ID' was not found in the directory 'Microsoft Services'. This can happen if the
application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Issue script & Debug output

powershell.exe : ERROR: AADSTS700016: Application with identifier 'INSERT APP ID' was not found in the directory 'Microsoft Services'. This can happen if the
application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Expected behavior

Authenticate to Azure as expected.

Environment Summary

azure-cli 2.56.0 *

core 2.56.0 *
telemetry 1.1.0

Extensions:
logicapp 0.1.2

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\wshiell.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Additional context

Attempted Troubleshooting:

1. Attempt to Connect using Connect-AzAccount with same values, works as expected.
2. Attempt to connect with Azure Cloud Shell Bash, also fails.

[azure-client-tools-bot-prd]

Hi @WilliamDShiell,

2.56.0 is not the latest Azure CLI(2.67.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

[yonzhan]

Thank you for opening this issue, we will look into it.

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• Problem az login with service principal #26024

[WilliamDShiell]

Adding Azure Ticket to maintain tracking: 2411140040012308
Additionally attempted with latest version of CLI on Azure Cloud Shell, ran into same issue.

[jiasli]

Can confirm App Id, Tenant Id and Secret are correct as attempting Authentication with the equivalent PowerShell Command works as expected

I don't think this is true. Azure CLI and Azure PowerShell use the same client credentials flow to authenticate.

AADSTS700016 is returned by Microsoft Entra ID service, not Azure CLI. It is very likely you have provided the wrong client ID and tenant ID combination. There is no other reported issue regarding AADSTS700016: https://github.com/Azure/azure-cli/issues?q=is%3Aissue%20state%3Aopen%20AADSTS700016

Please work with customer support to resolve it.