[BUG] Azure DevOps authentication via 'az login' does not always work

[timjansenortec]

Describe the bug
When installing a custom agent, the installed md file is an html from ADO saying I am not logged in.

To Reproduce
logged in via 'az login'
using an apm.yml like this:

name: SomeApp
version: 1.0.0
description: SomeDescription
author: SomeAuthor
dependencies:
  apm:
  - https://dev.azure.com/SomeAzureDevOpsOrganization/SomeProject/_git/some-repo/agents/some-agent.agent.md
  mcp: []
includes: []
scripts: {}

then run:
set APM_DEBUG=1
apm update --verbose

output:

[DEBUG] Token setup: has_github_token=False, has_gitlab_token=False, has_ado_token=False, has_artifactory_token=False
[>] Resolving some-repo-backend-coding...
Resolved 1 direct dependencies (no transitive)
Phase: resolve -> 0.995s
[i] Update plan for apm.yml

  [+] SomeAzureDevOpsOrganization/SomeProject/some-repo/agents/some-agent.agent.md
      ref: - (-, new)

  1 added
  [+] added

Apply these changes? [y/N]: y
[i] No org policy found for dev.azure.com/SomeAzureDevOpsOrganization/.github
Phase: policy_gate -> 1.713s
[i] Targets: copilot  (source: auto-detect from .github/agents/, .github/copilot-instructions.md)
Phase: targets -> 0.018s
Phase: policy_target_check -> 0.000s
[DEBUG] Token setup: has_github_token=False, has_gitlab_token=False, has_ado_token=False, has_artifactory_token=False
[DEBUG] build_repo_url: host=dev.azure.com, kind=ado, dep_ref=present, ado_org=SomeAzureDevOpsOrganization
Preflight: dev.azure.com/SomeAzureDevOpsOrganization -- accepted
Phase: download -> 0.000s
  [+] dev.azure.com/SomeAzureDevOpsOrganization/SomeProject/some-repo/agents/some-agent.agent.md #main
    Auth: AAD_BEARER_AZ_CLI (unknown)
  |-- (files unchanged)
Phase: integrate -> 0.673s
Phase: cleanup -> 0.000s
Generated apm.lock.yaml with 1 dependencies
cache-pin: remote dep 'SomeAzureDevOpsOrganization/SomeProject/some-repo' has no resolved_commit; drift cannot verify its cache freshness. Re-run 'apm install' with
a pinned ref (commit, tag, or specific branch HEAD).
Phase: post_deps_local -> 0.000s
Phase: audit -> 0.012s
[#] Perf: 3 walks, 1 file matches, 6 files visited, 0.002s total walk time
[#] Perf:   apm_modules\SomeAzureDevOpsOrganization\SomeProject\some-repo-backend-coding: 3 walk(s) (2ms, 6 files visited, 1 matched)
[#] Perf: discovery: 4 call(s) (1 unique base(s), 3 cache hit(s), 75%)
Phase: finalize -> 0.000s
Updated 1 APM dependencies.

result:
File some-agent.agent.md will contain some html indicating that call was not authenticated:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
<html lang="en-US">
<head><title>
	
            Azure DevOps Services | Sign In
        
</title><meta http-equiv="X-UA-Compatible" content="IE=11;&#32;IE=10;&#32;IE=9;&#32;IE=8" />
    <link rel="SHORTCUT ICON" href="/favicon.ico"/>
...

Expected behavior
I expect that the correct md file is installed, or that I get an error that I need to login.

Environment (please complete the following information):

• OS: Windows 10
• Python 3.14.5
• APM Version: 0.18.0

Additional context
If I try to install an individual skill, it does work. But it seems downloading goes through a different path.
The output contains lines like this:
Partial clone (--filter=blob:none) failed ...
[DEBUG] _clone_with_fallback: ...

I have tried adding some logging to the code to see what is happening.
It is not clear to me yet, but this is what I have seen with version 0.16.1:

• in the resolve phase:
  apm gets into function 'download_ado_file' without fetching a bearer token via 'az'
  since there there are not credentials attached to the request, ado is giving back the html file which is then saved in apm_modules
  note that ado does not give a 401 for these situations
• in the apply phase:
  apm does go through azure_cli.get_bearer_token, and succesfully gets a token
  the file is download again and saved again in apm_modules, still contains html, so apparently the bearer token is not attached?
  it seems the token is only used as a fallback, but somehow I don't get into that path.

Additionally I had to fix an error with 'az login' itself.
While trying to find out what was happening, I found out that 'az login' was giving an error like this
SubError: basic_action V2Error: invalid_grant AADSTS50078: Presented multi-factor authentication has expired due to policies configured by your administrator
APM did not report this in it's output (bug?)
Had to do this to fix it:
az logout
az login --tenant --scope "499b84ac-1321-427f-aa17-267ca6975798/.default"
After this fix, download the custom agent still failed.

[timjansenortec]

note that apm install gives the same result:
apm install --verbose

[github-actions]

Triage decision

accept

(Note: type/bug, status/accepted, and status/shepherding were already applied by a maintainer and are authoritative. Adding theme/security, area/enterprise, area/docs-site, priority/high, and status/triaged as new classification dimensions.)

Proposed labels

theme/security
area/enterprise
area/docs-site
type/bug
status/accepted
priority/high

Milestone

null

Suggested next action

Fix download_ado_file to acquire the AAD bearer token before the first HTTP request (not as fallback), and add content-type validation that fails loudly when ADO returns an HTML error page instead of the expected file.

Suggested issue comment

Thanks for the detailed debugging, @timjansenortec -- tracing into download_ado_file, identifying the token-as-fallback pattern, and noting the MFA expiry issue not being surfaced are all high-value findings.

Two issues here that should be fixed:

Issue 1 (primary): download_ado_file uses the AAD bearer token from az login as a fallback rather than attempting auth first. For ADO repos that require authentication (the majority), the first unauthenticated attempt returns an HTML sign-in page instead of a 401, so APM never reaches the authenticated retry path. The fix is to attempt token acquisition before the first request, not after a non-401 failure.

Issue 2 (secondary): APM does not validate that the downloaded content is the expected file type. When ADO returns an HTML error page, it is written to disk as if it were the agent file. APM should detect HTML content (e.g., by checking Content-Type or the first bytes of the response) and fail with a clear error: [x] ADO returned an authentication error page. Run 'az login' and retry.

The MFA expiry error from az login not being surfaced in APM output is also a gap -- any az login failure should propagate as a visible error, not a silent token-not-found state.

This is a security-relevant auth boundary bug affecting Windows enterprise users and is accepted as high priority.

Per-lens notes (collapsed)

DevX UX Expert -- User-Need Reviewer

Silent failure (HTML written as agent file, reported as success) is the worst possible failure mode for an install operation. The user has no way to know the install failed until they inspect the installed file. The fix (fail loudly with a clear error) is straightforward and essential. The error message should name the root cause (auth error) and the next action (az login), not just the symptom.

Supply Chain Security Expert -- Risk-Surface Reviewer

This is an auth boundary failure: APM installs unauthenticated content (an HTML redirect page) into the agent's context directory without verifying integrity or provenance. The fix must: (1) ensure auth is attempted before download (not as fallback), (2) validate content-type on download, (3) fail closed when auth cannot be established. The MFA expiry gap is also a security signal issue -- suppressing auth errors is always a security concern. theme/security + area/enterprise is correct.

OSS Growth Hacker -- Contributor-Tone Reviewer

timjansenortec (NONE association) did significant source-level debugging, including adding their own logging and identifying specific code paths. Highly engaged contributor. Tone is expert/peer, acknowledging the depth of investigation and naming both issues found to show the full scope of their report was read.

Python Architect -- Architecture Reviewer

Fix is bounded to the ADO integrator download path: (1) always acquire the AAD bearer token before the first HTTP request to dev.azure.com, not as fallback; (2) check the response Content-Type header and body prefix for HTML; (3) surface az login errors (including MFA expiry) as APM errors rather than silently setting has_ado_token=False. No new cross-cutting design needed.

Doc Writer -- Documentation Reviewer

The authentication docs for ADO (in packages/apm-guide/.apm/skills/apm-usage/authentication.md) should be updated to clarify the az login prerequisite, including MFA requirements, and to document what APM shows when auth fails. area/docs-site rides as a secondary label.

APM CEO -- Triage Arbiter

ADO auth failure is a critical enterprise pain point. Windows enterprise users (primary ADO consumers) hitting this on install is a serious adoption blocker. The auth boundary failure (writing HTML content as agent files) is also a trust issue. theme/security + area/enterprise + priority/high is correct. Already accepted; no new strategic decision needed beyond confirming the priority.

{
  "decision": "accept",
  "decision_detail": "",
  "theme": "theme/security",
  "areas": ["area/enterprise", "area/docs-site"],
  "type": "type/bug",
  "status": "status/accepted",
  "priority": "priority/high",
  "preserved_labels": [],
  "milestone": null,
  "next_action": "Fix download_ado_file to acquire AAD bearer token before the first request (not as fallback), and add content-type validation that fails loudly when ADO returns an HTML error page."
}

---

Triage status: agentic proposal pending human ratification.
Silence is approval. Maintainers can:

• Override any label or milestone above by editing it directly --
  human edits are authoritative and will not be reverted on
  subsequent runs.
• Re-trigger triage by applying the status/needs-triage label, or
  by removing status/triaged to enroll the issue in the next
  daily sweep.

Posted by the Triage Panel workflow. See .apm/skills/apm-triage-panel for the panel skill.

Generated by Triage Panel · sonnet46 6.5M · ◷