You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a user runs az login, it saves ADAL refresh tokens and access tokens to ~/.azure/accessToken.json. Azure CLI users or SDKs may use accessToken.json to authenticate to Azure APIs.
Explanation
Azure CLI is a python application and each command execution is a separate process, so commands don't share the same memory space and credentials can't be saved at process level.
accessTokens.json deprecation
After #18944, Azure CLI will use MSAL and will no longer generate accessTokens.json. Tokens will be saved to an encrypted token cache using MSAL extension.
The MSAL token cache will be encrypted on Windows, macOS and Linux with a desktop environment; therefore, directly accessing the MSAL token cache will not work. Any existing workflow depending on accessTokens.json will stop working.
Alternatives
Below are several alternatives you may consider:
Calling az account get-access-token
You can manually call az account get-access-token in a terminal or use subprocess to call it from another programming language.
Using AzureCliCredential
AzureCliCredential is a credential type in all existing language SDKs. It internally uses subprocess to call az account get-access-token to gets an access token from current logged in Azure CLI accounts.
The text was updated successfully, but these errors were encountered:
ghost
added
the
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
label
Sep 28, 2021
Context
When a user runs
az login
, it saves ADAL refresh tokens and access tokens to~/.azure/accessToken.json
. Azure CLI users or SDKs may useaccessToken.json
to authenticate to Azure APIs.Explanation
Azure CLI is a python application and each command execution is a separate process, so commands don't share the same memory space and credentials can't be saved at process level.
accessTokens.json
deprecationAfter #18944, Azure CLI will use MSAL and will no longer generate
accessTokens.json
. Tokens will be saved to an encrypted token cache using MSAL extension.The MSAL token cache will be encrypted on Windows, macOS and Linux with a desktop environment; therefore, directly accessing the MSAL token cache will not work. Any existing workflow depending on
accessTokens.json
will stop working.Alternatives
Below are several alternatives you may consider:
Calling
az account get-access-token
You can manually call
az account get-access-token
in a terminal or use subprocess to call it from another programming language.Using
AzureCliCredential
AzureCliCredential
is a credential type in all existing language SDKs. It internally uses subprocess to callaz account get-access-token
to gets an access token from current logged in Azure CLI accounts.The text was updated successfully, but these errors were encountered: