Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

accessTokens.json deprecation #19707

Closed
jiasli opened this issue Sep 28, 2021 · 1 comment
Closed

accessTokens.json deprecation #19707

jiasli opened this issue Sep 28, 2021 · 1 comment
Assignees
@jiasli
Labels
Account az login/account feature-request MSAL
Milestone
Oct 2021 (2021-11...

Comments

@jiasli
Copy link
Member

jiasli commented Sep 28, 2021

Context

When a user runs az login, it saves ADAL refresh tokens and access tokens to ~/.azure/accessToken.json. Azure CLI users or SDKs may use accessToken.json to authenticate to Azure APIs.

Explanation

Azure CLI is a python application and each command execution is a separate process, so commands don't share the same memory space and credentials can't be saved at process level.

accessTokens.json deprecation

After #18944, Azure CLI will use MSAL and will no longer generate accessTokens.json. Tokens will be saved to an encrypted token cache using MSAL extension.

The MSAL token cache will be encrypted on Windows, macOS and Linux with a desktop environment; therefore, directly accessing the MSAL token cache will not work. Any existing workflow depending on accessTokens.json will stop working.

Alternatives

Below are several alternatives you may consider:

Calling az account get-access-token

You can manually call az account get-access-token in a terminal or use subprocess to call it from another programming language.

Using AzureCliCredential

AzureCliCredential is a credential type in all existing language SDKs. It internally uses subprocess to call az account get-access-token to gets an access token from current logged in Azure CLI accounts.
@ghost ghost added the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Sep 28, 2021
@yonzhan yonzhan added the Account az login/account label Sep 28, 2021
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Sep 28, 2021
@yonzhan yonzhan added this to the Oct 2021 (2021-11-02) milestone Sep 28, 2021
@yonzhan
Copy link
Collaborator

yonzhan commented Sep 28, 2021

accessTokens deprecation

@jiasli jiasli added the MSAL label Oct 15, 2021
@yonzhan yonzhan closed this as completed Oct 29, 2021
@Azure Azure locked and limited conversation to collaborators Nov 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jiasli jiasli

Labels
Account az login/account feature-request MSAL
Projects
None yet
Milestone
Oct 2021 (2021-11-02) - For Ignite
Development

No branches or pull requests
2 participants
@jiasli @yonzhan