[
https://issues.apache.org/jira/browse/HADOOP-17363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043710#comment-18043710
]
ASF GitHub Bot commented on HADOOP-17363:
-----------------------------------------
github-actions[bot] commented on PR #2445:
URL: https://github.com/apache/hadoop/pull/2445#issuecomment-3629624924
We're closing this stale PR because it has been open for 100 days with no
activity. This isn't a judgement on the merit of the PR in any way. It's just a
way of keeping the PR queue manageable.
If you feel like this was a mistake, or you would like to continue working
on it, please feel free to re-open it and ask for a committer to remove the
stale tag and review again.
Thanks all for your contribution.
> ABFS does not work with OAuth 2.0: Username and Password
> --------------------------------------------------------
>
> Key: HADOOP-17363
> URL: https://issues.apache.org/jira/browse/HADOOP-17363
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 3.3.0
> Reporter: Matsushita Shin
> Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> https://hadoop.apache.org/docs/current/hadoop-azure/abfs.html
> I have tried OAuth 2.0 authentication with the username and password written
> above.
> However, it failed with the following exception.
> ~~~
> Exception in thread "main" HTTP Error 400;
> url='https://login.microsoftonline.com/3070a5de-410e-4885-XXXX-XXXXXXXXXXXX/oauth2/token'
> AADToken: HTTP connection to
> https://login.microsoftonline.com/3070a5de-410e-4885-XXXX-XXXXXXXXXXXX/oauth2/token
> failed for getting token from AzureAD.;
> requestId='187c97a4-82a0-4b36-b764-XXXXXXXXXXXX';
> contentType='application/json; charset=utf-8'; response
> '{"error":"unauthorized_client","error_description":"AADSTS700016:
> Application with identifier 'jiro' was not found in the directory
> '3070a5de-410e-4885-XXXX-XXXXXXXXXXXX'. This can happen if the application
> has not been installed by the administrator of the tenant or consented to by
> any user in the tenant. You may have sent your authentication request to the
> wrong tenant.\r\nTrace ID:
> 187c97a4-82a0-4b36-b764-a3b8b1c45201\r\nCorrelation ID:
> 4eb4a71e-2eef-4788-9c8c-24f4c84f6981\r\nTimestamp: 2020-11-07
> 11:49:21Z","error_codes":[700016],"timestamp":"2020-11-07
> 11:49:21Z","trace_id":"187c97a4-82a0-4b36-b764-a3b8b1c45201","correlation_id":"4eb4a71e-2eef-4788-9c8c-24f4c84f6981","error_uri":"https://login.microsoftonline.com/error?code=700016"}'org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator$HttpException:
> HTTP Error 400;
> url='https://login.microsoftonline.com/3070a5de-410e-4885-b6cd-95fe759ced2b/oauth2/token'
> AADToken: HTTP connection to
> https://login.microsoftonline.com/3070a5de-410e-4885-XXXX-XXXXXXXXXXXX/oauth2/token
> failed for getting token from AzureAD.;
> requestId='187c97a4-82a0-4b36-b764-XXXXXXXXXXXX';
> contentType='application/json; charset=utf-8'; response
> '{"error":"unauthorized_client","error_description":"AADSTS700016:
> Application with identifier 'jiro' was not found in the directory
> '3070a5de-410e-4885-XXXX-XXXXXXXXXXXX'. This can happen if the application
> has not been installed by the administrator of the tenant or consented to by
> any user in the tenant. You may have sent your authentication request to the
> wrong tenant.\r\nTrace ID:
> 187c97a4-82a0-4b36-b764-a3b8b1c45201\r\nCorrelation ID:
> 4eb4a71e-2eef-4788-9c8c-24f4c84f6981\r\nTimestamp: 2020-11-07
> 11:49:21Z","error_codes":[700016],"timestamp":"2020-11-07
> 11:49:21Z","trace_id":"187c97a4-82a0-4b36-b764-a3b8b1c45201","correlation_id":"4eb4a71e-2eef-4788-9c8c-24f4c84f6981","error_uri":"https://login.microsoftonline.com/error?code=700016"}'
> at
> org.apache.hadoop.fs.azurebfs.services.AbfsRestOperation.executeHttpOperation(AbfsRestOperation.java:215)
> at
> org.apache.hadoop.fs.azurebfs.services.AbfsRestOperation.execute(AbfsRestOperation.java:134)
> at
> org.apache.hadoop.fs.azurebfs.services.AbfsClient.createPath(AbfsClient.java:293)
> at
> org.apache.hadoop.fs.azurebfs.AzureBlobFileSystemStore.createDirectory(AzureBlobFileSystemStore.java:445)
> at
> org.apache.hadoop.fs.azurebfs.AzureBlobFileSystem.mkdirs(AzureBlobFileSystem.java:409)
> at org.apache.hadoop.fs.FileSystem.mkdirs(FileSystem.java:2355)
> at com.sample.HelloWorld.main(HelloWorld.java:116)
> Caused by:
> org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator$HttpException: HTTP
> Error 400;
> url='https://login.microsoftonline.com/3070a5de-410e-XXXX-XXXXXXXXXXXX/oauth2/token'
> AADToken: HTTP connection to
> https://login.microsoftonline.com/3070a5de-410e-4885-XXXX-XXXXXXXXXXXX/oauth2/token
> failed for getting token from AzureAD.;
> requestId='187c97a4-82a0-4b36-b764-a3b8b1c45201';
> contentType='application/json; charset=utf-8'; response
> '{"error":"unauthorized_client","error_description":"AADSTS700016:
> Application with identifier 'jiro' was not found in the directory
> '3070a5de-410e-4885-XXXX-XXXXXXXXXXXX'. This can happen if the application
> has not been installed by the administrator of the tenant or consented to by
> any user in the tenant. You may have sent your authentication request to the
> wrong tenant.\r\nTrace ID:
> 187c97a4-82a0-4b36-b764-a3b8b1c45201\r\nCorrelation ID:
> 4eb4a71e-2eef-4788-9c8c-24f4c84f6981\r\nTimestamp: 2020-11-07
> 11:49:21Z","error_codes":[700016],"timestamp":"2020-11-07
> 11:49:21Z","trace_id":"187c97a4-82a0-4b36-b764-a3b8b1c45201","correlation_id":"4eb4a71e-2eef-4788-9c8c-24f4c84f6981","error_uri":"https://login.microsoftonline.com/error?code=700016"}'
> at
> org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator.getTokenSingleCall(AzureADAuthenticator.java:394)
> at
> org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator.getTokenCall(AzureADAuthenticator.java:291)
> at
> org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator.getTokenCall(AzureADAuthenticator.java:273)
> at
> org.apache.hadoop.fs.azurebfs.oauth2.AzureADAuthenticator.getTokenUsingClientCreds(AzureADAuthenticator.java:96)
> at
> org.apache.hadoop.fs.azurebfs.oauth2.UserPasswordTokenProvider.refreshToken(UserPasswordTokenProvider.java:54)
> at
> org.apache.hadoop.fs.azurebfs.oauth2.AccessTokenProvider.getToken(AccessTokenProvider.java:50)
> at
> org.apache.hadoop.fs.azurebfs.services.AbfsClient.getAccessToken(AbfsClient.java:670)
> at
> org.apache.hadoop.fs.azurebfs.services.AbfsRestOperation.executeHttpOperation(AbfsRestOperation.java:168)
> ... 6 more
> ~~~
> The cause of the error seems to be that UserPasswordTokenProvider is calling
> getTokenUsingClientCreds() for the service principal.
> https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
> I checked the API specifications of Azure and fixed the cause of this error.
> After this, I plan to create a Pull Request.
> Best regards,
> Shin
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
