"Failed to authenticate using the supplied token" with service principal token

Related command echo "my service principal token" | az devops login --organization https://dev.azure.com/my_org/

Describe the bug Failed to authenticate using the supplied token on the command: PS C:\Users\my_org> echo "my service principal token" | az devops login --organization https://dev.azure.com/my_org --debug but successfully login with set my service principal token in $env:AZURE_DEVOPS_EXT_PAT

stacktrace: cli.knack.cli: Command arguments: ['devops', 'login', '--organization', 'https://dev.azure.com/my_org', '--debug'] cli.knack.cli: init debug log: Enable color in terminal. Enable VT mode. cli.knack.cli: Event: Cli.PreExecute [] cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x01ABB3D0>, <function OutputProducer.on_global_arguments at 0x036A8B68>, <function CLIQuery.on_global_arguments at 0x036C57C0>] cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] cli.azure.cli.core: Modules found from index for 'devops': ['azext_devops'] cli.azure.cli.core: Loading command modules: cli.azure.cli.core: Name Load Time Groups Commands cli.azure.cli.core: Total (0) 0.000 0 0 cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next'] cli.azure.cli.core: Loading extensions: cli.azure.cli.core: Name Load Time Groups Commands Directory cli.azure.cli.core: azure-devops 0.073 60 191 C:\Users\my_org.azure\cliextensions\azure-devops cli.azure.cli.core: Total (1) 0.073 60 191 cli.azure.cli.core: Loaded 60 groups, 191 commands. cli.azure.cli.core: Found a match in the command table. cli.azure.cli.core: Raw command : devops login cli.azure.cli.core: Command table: devops login cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x04365B68>] cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\my_org.azure\commands\2023-01-23.15-34-29.devops_login.84228.log'. az_command_data_logger: command args: devops login --organization {} --debug cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x047F5028>] cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad [] cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x047F5100>, <function register_cache_arguments..add_cache_arguments at 0x04800658>] cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded [] cli.knack.cli: Event: CommandInvoker.OnPreParseArgs [] cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x036A8BB0>, <function CLIQuery.handle_query_parameter at 0x036C5808>, <function register_ids_argument..parse_ids_arguments at 0x04800610>, <function DevCommandsLoader.post_parse_args at 0x0485C6E8>] az_command_data_logger: extension name: azure-devops az_command_data_logger: extension version: 0.25.0 cli.knack.prompting: No tty available. cli.azext_devops.dev.team.credentials: Getting PAT token in non-interactive mode. cli.azext_devops.dev.team.credentials: Creating connection with personal access token. msrest.universal_http.requests: Configuring retry: max_retries=3, backoff_factor=0.8, max_backoff=90 msrest.universal_http.requests: Configuring retry: max_retries=3, backoff_factor=0.8, max_backoff=90 azext_devops.devops_sdk._file_cache: Cache file does not exist: C:\Users\my_org.azure-devops\python-sdk\cache\options.json azext_devops.devops_sdk.client: File cache miss for options on: https://dev.azure.com/my_org azext_devops.devops_sdk.client: OPTIONS https://dev.azure.com/my_org/_apis msrest.universal_http: Configuring redirects: allow=True, max=30 msrest.universal_http: Configuring request: timeout=100, verify=True, cert=None msrest.universal_http: Configuring proxies: '' msrest.universal_http: Evaluate proxies against ENV settings: True urllib3.connectionpool: Starting new HTTPS connection (1): dev.azure.com:443 urllib3.connectionpool: https://dev.azure.com:443 "OPTIONS /my_org/_apis HTTP/1.1" 401 0 msrest.exceptions: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis cli.azext_devops.dev.team.credentials: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis Traceback (most recent call last): File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 63, in _verify_token connection_data = location_client.get_connection_data() File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\v5_0\location\location_client.py", line 26, in get_connection_data response = self._send(http_method='GET', File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 60, in _send request = self._create_request_message(http_method=http_method, File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 105, in _create_request_message location = self._get_resource_location(location_id) File "C:\Users\vsvmy_orgirski.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 135, in _get_resource_location Client._locations_cache[self.config.base_url] = self._get_resource_locations(all_host_types=False) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 171, in _get_resource_locations response = self._send_request(request, headers=headers) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 54, in _send_request self._handle_error(request, response) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 253, in _handle_error raise AzureDevOpsAuthenticationError(full_message_format.format(error_message=error_message, azext_devops.devops_sdk.exceptions.AzureDevOpsAuthenticationError: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis cli.azext_devops.dev.common.exception_handler: handling generic error cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception: cli.azure.cli.core.util: Traceback (most recent call last): File "C:\Users\vsvmy_orgirski.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 63, in _verify_token connection_data = location_client.get_connection_data() File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\v5_0\location\location_client.py", line 26, in get_connection_data response = self._send(http_method='GET', File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 60, in _send request = self._create_request_message(http_method=http_method, File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 105, in _create_request_message location = self._get_resource_location(location_id) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 135, in _get_resource_location Client._locations_cache[self.config.base_url] = self._get_resource_locations(all_host_types=False) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 171, in _get_resource_locations response = self._send_request(request, headers=headers) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 54, in _send_request self._handle_error(request, response) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 253, in _handle_error raise AzureDevOpsAuthenticationError(full_message_format.format(error_message=error_message, azext_devops.devops_sdk.exceptions.AzureDevOpsAuthenticationError: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 718, in _run_job File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\dev\common\exception_handler.py", line 31, in azure_devops_exception_handler reraise(*sys.exc_info()) File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\six.py", line 719, in reraise File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in _run_job File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 29, in credential_set _verify_token(organization=organization, token=token) File "C:\Users\my_org.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 66, in _verify_token raise CLIError("Failed to authenticate using the supplied token.") knack.util.CLIError: Failed to authenticate using the supplied token.

cli.azure.cli.core.azclierror: Failed to authenticate using the supplied token. az_command_data_logger: Failed to authenticate using the supplied token. cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x04365C88>] az_command_data_logger: exit code: 1 cli.main: Command ran in 3.025 seconds (init: 1.362, invoke: 1.663) telemetry.main: Begin splitting cli events and extra events, total events: 1 telemetry.client: Accumulated 0 events. Flush the clients. telemetry.main: Finish splitting cli events and extra events, cli events: 1 telemetry.save: Save telemetry record of length 3212 in cache telemetry.check: Negative: The C:\Users\my_org.azure\telemetry.txt was modified at 2023-01-23 15:34:24.820272, which in less than 600.000000 s

To Reproduce Use service principal token and login

Expected behavior Successful login

Environment summary { "azure-cli": "2.44.1", "azure-cli-core": "2.44.1", "azure-cli-telemetry": "1.0.8", "extensions": { "azure-devops": "0.25.0", "ssh": "1.1.3" } }

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @v-anvashist, @V-hmusukula.

Issue Details

**Related command** echo "my service principal token" | az devops login --organization https://dev.azure.com/my_org/ **Describe the bug** Failed to authenticate using the supplied token on the command: PS C:\Users\my_org> echo "my service principal token" | az devops login --organization https://dev.azure.com/my_org --debug but successfully login with set my service principal token in $env:AZURE_DEVOPS_EXT_PAT stacktrace: cli.knack.cli: Command arguments: ['devops', 'login', '--organization', 'https://dev.azure.com/my_org', '--debug'] cli.knack.cli: __init__ debug log: Enable color in terminal. Enable VT mode. cli.knack.cli: Event: Cli.PreExecute [] cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [, , ] cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] cli.azure.cli.core: Modules found from index for 'devops': ['azext_devops'] cli.azure.cli.core: Loading command modules: cli.azure.cli.core: Name Load Time Groups Commands cli.azure.cli.core: Total (0) 0.000 0 0 cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next'] cli.azure.cli.core: Loading extensions: cli.azure.cli.core: Name Load Time Groups Commands Directory cli.azure.cli.core: azure-devops 0.073 60 191 C:\Users\my_org\.azure\cliextensions\azure-devops cli.azure.cli.core: Total (1) 0.073 60 191 cli.azure.cli.core: Loaded 60 groups, 191 commands. cli.azure.cli.core: Found a match in the command table. cli.azure.cli.core: Raw command : devops login cli.azure.cli.core: Command table: devops login cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [] cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\my_org\.azure\commands\2023-01-23.15-34-29.devops_login.84228.log'. az_command_data_logger: command args: devops login --organization {} --debug cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [.add_subscription_parameter at 0x047F5028>] cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad [] cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [.add_ids_arguments at 0x047F5100>, .add_cache_arguments at 0x04800658>] cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded [] cli.knack.cli: Event: CommandInvoker.OnPreParseArgs [] cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [, , .parse_ids_arguments at 0x04800610>, ] az_command_data_logger: extension name: azure-devops az_command_data_logger: extension version: 0.25.0 cli.knack.prompting: No tty available. cli.azext_devops.dev.team.credentials: Getting PAT token in non-interactive mode. cli.azext_devops.dev.team.credentials: Creating connection with personal access token. msrest.universal_http.requests: Configuring retry: max_retries=3, backoff_factor=0.8, max_backoff=90 msrest.universal_http.requests: Configuring retry: max_retries=3, backoff_factor=0.8, max_backoff=90 azext_devops.devops_sdk._file_cache: Cache file does not exist: C:\Users\my_org\.azure-devops\python-sdk\cache\options.json azext_devops.devops_sdk.client: File cache miss for options on: https://dev.azure.com/my_org azext_devops.devops_sdk.client: OPTIONS https://dev.azure.com/my_org/_apis msrest.universal_http: Configuring redirects: allow=True, max=30 msrest.universal_http: Configuring request: timeout=100, verify=True, cert=None msrest.universal_http: Configuring proxies: '' msrest.universal_http: Evaluate proxies against ENV settings: True urllib3.connectionpool: Starting new HTTPS connection (1): dev.azure.com:443 urllib3.connectionpool: https://dev.azure.com:443 "OPTIONS /my_org/_apis HTTP/1.1" 401 0 msrest.exceptions: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis cli.azext_devops.dev.team.credentials: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis Traceback (most recent call last): File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 63, in _verify_token connection_data = location_client.get_connection_data() File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\v5_0\location\location_client.py", line 26, in get_connection_data response = self._send(http_method='GET', File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 60, in _send request = self._create_request_message(http_method=http_method, File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 105, in _create_request_message location = self._get_resource_location(location_id) File "C:\Users\vsvmy_orgirski\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 135, in _get_resource_location Client._locations_cache[self.config.base_url] = self._get_resource_locations(all_host_types=False) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 171, in _get_resource_locations response = self._send_request(request, headers=headers) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 54, in _send_request self._handle_error(request, response) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 253, in _handle_error raise AzureDevOpsAuthenticationError(full_message_format.format(error_message=error_message, azext_devops.devops_sdk.exceptions.AzureDevOpsAuthenticationError: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis cli.azext_devops.dev.common.exception_handler: handling generic error cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception: cli.azure.cli.core.util: Traceback (most recent call last): File "C:\Users\vsvmy_orgirski\.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 63, in _verify_token connection_data = location_client.get_connection_data() File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\v5_0\location\location_client.py", line 26, in get_connection_data response = self._send(http_method='GET', File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 60, in _send request = self._create_request_message(http_method=http_method, File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 105, in _create_request_message location = self._get_resource_location(location_id) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 135, in _get_resource_location Client._locations_cache[self.config.base_url] = self._get_resource_locations(all_host_types=False) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 171, in _get_resource_locations response = self._send_request(request, headers=headers) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 54, in _send_request self._handle_error(request, response) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\devops_sdk\client.py", line 253, in _handle_error raise AzureDevOpsAuthenticationError(full_message_format.format(error_message=error_message, azext_devops.devops_sdk.exceptions.AzureDevOpsAuthenticationError: The requested resource requires user authentication: https://dev.azure.com/my_org/_apis During handling of the above exception, another exception occurred: Traceback (most recent call last): File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 663, in execute File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 718, in _run_job File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\dev\common\exception_handler.py", line 31, in azure_devops_exception_handler reraise(*sys.exc_info()) File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\six.py", line 719, in reraise File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 697, in _run_job File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 333, in __call__ File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 29, in credential_set _verify_token(organization=organization, token=token) File "C:\Users\my_org\.azure\cliextensions\azure-devops\azext_devops\dev\team\credentials.py", line 66, in _verify_token raise CLIError("Failed to authenticate using the supplied token.") knack.util.CLIError: Failed to authenticate using the supplied token. cli.azure.cli.core.azclierror: Failed to authenticate using the supplied token. az_command_data_logger: Failed to authenticate using the supplied token. cli.knack.cli: Event: Cli.PostExecute [] az_command_data_logger: exit code: 1 cli.__main__: Command ran in 3.025 seconds (init: 1.362, invoke: 1.663) telemetry.main: Begin splitting cli events and extra events, total events: 1 telemetry.client: Accumulated 0 events. Flush the clients. telemetry.main: Finish splitting cli events and extra events, cli events: 1 telemetry.save: Save telemetry record of length 3212 in cache telemetry.check: Negative: The C:\Users\my_org\.azure\telemetry.txt was modified at 2023-01-23 15:34:24.820272, which in less than 600.000000 s **To Reproduce** Use service principal token and login **Expected behavior** Successful login **Environment summary** { "azure-cli": "2.44.1", "azure-cli-core": "2.44.1", "azure-cli-telemetry": "1.0.8", "extensions": { "azure-devops": "0.25.0", "ssh": "1.1.3" } }

Author:	Vaisman
Assignees:	-
Labels:	`Service Attention`, `customer-reported`, `DevOps`, `Auto-Assign`
Milestone:	-

@yonhan, maybe you have any update about the issue from CXP team?

@Vaisman Hi, Could you please verify whether the supplied token is valid or not? we are able to login using command echo "######" | az devops login --organization https://dev.azure.com/contoso/

@v-soujanya I used valid Service Principal token. it works in another two cases described in the doc: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows

@Vaisman I am / was facing a similar issue. I couldn't sign in to devOps using folowing command in Azure pipeline.

echo $PAT | az devops login --organization https://dev.azure.com/myorg

When I tried it from local console it worked however. In the end it turns out, I caused the problem myself. I am storing the personal access token in a variable group as a secret variable called pat hence the attempt to expand it in bash with $PAT. Yesterday I found out that you can't expand secret variables from variable groups.

Secret variables defined in a variable group cannot be accessed directly via scripts. Instead, they must be passed as arguments to the task.

source: https://adamtheautomator.com/azure-devops-variables/

When I tried the approach mentioned above it started to work for me. I am not sure if the core of your problem could be the same, but if so, I hope this helps.

I am having this same issue. When I run the commands locally this works.

echo $env:AZURE_DEVOPS_EXT_PAT | az devops login --organization https://dev.azure.com/org

echo "full token typed out" | az devops login --organization https://dev.azure.com/org

when I run from a powershell command in Azure DevOps I get this

ERROR: Failed to authenticate using the supplied token.

I'm having the same problem on a Windows Self-hosted Agent. However I'm not using PAT, I'm using access tokens obtained from Get-AzAccessToken as follows:

The agent machine logs in using Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $SpTenantId where the service principal has been granted appropriate permissions in Azure DevOps.

Next the script runs Get-AzAccessToken -ResourceUrl "499b84ac-1321-427f-aa17-267ca6975798" where the ResourceUrl value denotes all scopes for Azure DevOps API (this is not a sensitive value, it is global for anyone wanting to get an ADO access token with this method). This retrieves an access token for the service principal, similar to a PAT.

Following that the access token is used to log in, like so: $token | az devops login --organization $OrgUrl. I also tried setting the environment variable like this: $env:AZURE_DEVOPS_EXT_PAT = $token

All of these commands succeed when ran locally from terminal on the agent.

Now for the weird part. Even though the pipeline output returns "ERROR: Failed to authenticate using the supplied token.", the subsequent azure devops cli commands run with no issues (I manually ran az devops logout before running, so this isn't due to a previous login still being active). I'm not blocked by this behavior but I'm leaving this here as the error seems to be related.

I was getting the same issue in my yaml pipeline, but after adding env: SYSTEM_ACCESSTOKEN: $(System.AccessToken) to my task & the below authentication lines, I started getting the same as @ncswalton, an authentication error, but the commands working properly.

$env:AZURE_DEVOPS_EXT_PAT = $env:SYSTEM_ACCESSTOKEN echo "$env:AZURE_DEVOPS_EXT_PAT" | az devops login --organization https://dev.azure.com/orgname/

Azure / azure-cli

"Failed to authenticate using the supplied token" with service principal token #25206