Azure ARM interactive login does not work if user has limited permissions in AzureAD #10358

Closed
alexvy86 opened this issue Dec 8, 2020 · 3 comments


alexvy86 commented Dec 8, 2020

Overview of the Issue

I'm trying to run Packer with interactive authentication, but after I input the code in the device login screen and select the account to use (which has Owner role on the Azure subscription specified in my Packer template), I get the screen below, which suggests Packer is trying to do something in AzureAD. But my user is not allowed to register applications there, and I don't see why Packer would need to do anything in AzureAD to work when using interactive authentication (in fact the same template works in the nightly build of Packer 1.6.6 if I add "use_azure_cli_auth": true and remove the "subscription_id" property in the builder).

image

Reproduction Steps

(These instructions are for PowerShell; minor adjustments might be required for other environments.)

  1. Run packer build -var 'subscription_id=<your-subscription-id>' .\<template-file-name>.json with the template file below.
  2. When prompted, navigate to https://microsoft.com/devicelogin and enter the code.
  3. When prompted for which account to log in as, select one that has Owner role on the Azure subscription, but no permissions to register applications in AzureAD.
  4. See the prompt shown above.

At this point I can make no more progress and have to let Packer time out. Ctrl-C will make the "Cancelling build after receiving interrupt" message appear, but it doesn't stop it until the natural timeout occurs.

Packer version

1.6.5 and 1.6.6

Simplified Packer Buildfile

{
    "variables": {
        "subscription_id": ""
    },
    "builders": [
        {
            "type": "azure-arm",

            "subscription_id": "{{user `subscription_id`}}",

            "build_resource_group_name": "preexisting-resource-group",

            "os_type": "Windows",
            "image_publisher": "MicrosoftWindowsServer",
            "image_offer": "WindowsServer",
            "image_sku": "2019-Datacenter",

            "vm_size": "Standard_B2ms",

            "virtual_network_name": "my-vnet-name",
            "virtual_network_subnet_name": "my-subnet-name",
            "virtual_network_resource_group_name": "my-network-resourcegroup",

            "managed_image_name": "test-image",
            "managed_image_resource_group_name": "preexisting-resource-group"
        }
    ]
}

Operating system and Environment details

Windows 10 Enterprise build 18363 (64 bit)

Log Fragments and crash.log files

N/A

@alexvy86 alexvy86 added the bug label Dec 8, 2020
@daviddob

@alexvy86 Just ran into the same issue - swapping to "use_azure_cli_auth": true and removing "subscription_id" as you suggested worked out as well. This was run with Packer v1.6.6.


ghost commented Apr 30, 2021

This issue has been automatically migrated to hashicorp/packer-plugin-azure#55 because it looks like an issue with that plugin. If you believe this is not an issue with the plugin, please reply to hashicorp/packer-plugin-azure#55.

@ghost ghost closed this as completed Apr 30, 2021
@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 31, 2021