tre cli authentication? #4569
Description
What am I doing wrong here when trying to login with the tre cli?...
I've tried authenticating with device code as follows:
vscode ➜ / $ tre login device-code --base-url https://mytre.com
api_scope: api://7d6526a2-baef-4c6e-836d-xxxxxxxxxxxx/user_impersonation
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXXX to authenticate.
Error: Failed to get access token: ${'error': 'invalid_client', 'error_description': "AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 99444145-d8bf-4bec-864a-9c5ac7675800 Correlation ID: 4371cc63-849e-42b1-8502-1d983fad2e67 Timestamp: 2025-05-25 11:02:57Z", 'error_codes': [7000218], 'timestamp': '2025-05-25 11:02:57Z', 'trace_id': '99444145-d8bf-4bec-864a-9c5ac7675800', 'correlation_id': '4371cc63-849e-42b1-8502-1d983fad2e67', 'error_uri': 'https://login.microsoftonline.com/error?code=7000218'}
And also tried client credentials, which gets slightly further, but then fails due to a role error:
vscode ➜ / $ tre login client-credentials --base-url https://mytre.com --client-id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX --client-secret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Login details saved
vscode ➜ / $ tre workspaces list
{
"status_code": 403,
"body": "The user is missing a required role: ['TREUser', 'TREAdmin']"
}
(Note: The URL I am passing for the --base-url parameter contains my custom domain (configured with the custom_domain secret), rather than the default cloudapp.azure.com domain. I have tried replacing the domain in the --base-url parameter with the default cloudapp.azure.com domain, however this causes the logon process to fail with a certificate error.)