Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Support tenant_id kwarg in get_token #21289

Open
jiasli opened this issue Feb 14, 2022 · 1 comment
Open

[Feature Request] Support tenant_id kwarg in get_token #21289

jiasli opened this issue Feb 14, 2022 · 1 comment
Assignees
@jiasli
Labels
Core CLI core infrastructure Discussion feature-request
Milestone
Backlog

Comments

@jiasli
Copy link
Member

jiasli commented Feb 14, 2022

Context

azure-keyvault-keys==4.5.0b5 made a breaking change for authentication:

It uses azure-identity's new multi-tenant authentication API get_token(tenant_id=...) from

After azure-keyvault-keys==4.5.0b5 was released, Azure CLI pinned azure-keyvault-keys to 4.5.0b4 as a quick fix (#20880).

Later on, tenant_id is discarded in get_token as another quick fix to support new azure-keyvault-keys (#21244).

Now, azure-storage-blob will also implement authentication challenge (#20969). Even though azure-storage-blob currently doesn't pass tenant_id to get_token, it is possible this will be implemented in the future.

Proposed solution

Azure CLI should support get_token(tenant_id=...) API like azure-identity, so that Azure CLI can get an access token for another tenant using the refresh token of the current tenant.

Additional context

This approach adds additional complexity in error handling. Without this feature, if tenants don't match, we can simply fail with

The tenant in the authentication challenge doesn't match the current tenant.

However, if this is supported, and refreshing fails due to reasons such as conditional access (MFA), we will show another error message like

Authentication failed because MFA is needed.
@ghost ghost added the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Feb 14, 2022
@yonzhan
Copy link
Collaborator

yonzhan commented Feb 14, 2022

Support tenant_id kwarg

@yonzhan yonzhan added the Core CLI core infrastructure label Feb 14, 2022
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Feb 14, 2022
@yonzhan yonzhan added this to the Backlog milestone Feb 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiasli jiasli

Labels
Core CLI core infrastructure Discussion feature-request
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
2 participants
@jiasli @yonzhan