Azure / azure-cli

Azure Command-Line Interface
MIT License

Add support for refreshing the access token of an account #29185

Open maskati opened 3 weeks ago

maskati commented 3 weeks ago

Related command
az account

Is your feature request related to a problem? Please describe.
Some scenarios require refreshing the cached access token of an account, for example when a user's group membership changes as a consequence of PIM for Groups.

Describe the solution you'd like
Provide a mechanism to refresh the cached access token of an account, e.g. az account refresh-access-token.

Describe alternatives you've considered
Waiting for token expiration or performing az logout and az login.

yonzhan commented 3 weeks ago

Thank you for opening this issue, we will look into it.

jiasli commented 3 weeks ago

Supporting --force-refresh in az account get-access-token is tracked by https://github.com/Azure/azure-cli/issues/17578.

Does az account clear and az login work for you? It may be related to https://github.com/Azure/azure-cli/issues/26573.

maskati commented 3 weeks ago

az account clear or az logout do work, but are not ideal since the user is already authenticated and only requires a refreshed access token. It's unfortunate that MSAL does not allow forcing refresh of the token in the cache, merely skipping the cache altogether for a single token acquisition (--force-refresh). Clearing the cache is not useful since it also clears the refresh token.

Would it be possible to expand --force-refresh to be a global parameter? It would probably need to be more clearly named since "force refresh" is clear in the context of get-access-token but not in general.

maskati commented 2 weeks ago

Actually it seems like force_refresh does update the token cache, so this issue would be resolved by performing az account get-access-token --force-refresh > /dev/null to force cached token update and then performing the desired operation. Looking forward to #17578 being implemented.
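
The stale-token condition discussed in this thread (a cached access token issued before a group membership change) can be checked before deciding to refresh. This is an added example, not code from azure-cli or from any commenter: it assumes the access token is a JWT carrying the standard `iat` claim, and the function names, timestamps and sample token are constructed for illustration.

```python
import base64
import json
from datetime import datetime, timezone


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def needs_refresh(cli_output: str, membership_changed_at: datetime) -> bool:
    """True when the cached token was issued before the membership change.

    cli_output is the JSON printed by `az account get-access-token`.
    """
    token = json.loads(cli_output)["accessToken"]
    claims = jwt_claims(token)
    if "iat" not in claims:
        return True  # freshness cannot be shown, so treat the token as stale
    issued_at = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
    return issued_at < membership_changed_at


def constructed_cli_output(iat: int) -> str:
    """Build sample CLI output around an unsigned, constructed token."""
    def seg(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    token = ".".join([seg({"alg": "none"}), seg({"iat": iat, "exp": iat + 3600}), "sig"])
    return json.dumps({"accessToken": token, "tokenType": "Bearer"})


if __name__ == "__main__":
    # Constructed scenario: membership changed 10 minutes after the token was issued.
    change = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
    issued = int(change.timestamp()) - 600
    print(needs_refresh(constructed_cli_output(issued), change))
```

The payload is decoded without verifying the signature, so the result is only a local hint about cache staleness and not an authorization decision.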