Open maskati opened 3 weeks ago
Thank you for opening this issue, we will look into it.
Supporting `--force-refresh` in `az account get-access-token` is tracked by https://github.com/Azure/azure-cli/issues/17578.
Does `az account clear` and `az login` work for you? It may be related to https://github.com/Azure/azure-cli/issues/26573.
`az account clear` or `az logout` do work, but are not ideal since the user is already authenticated and only requires a refreshed access token. It's unfortunate that MSAL does not allow forcing refresh of the token in the cache, merely skipping the cache altogether for a single token acquisition (`--force-refresh`). Clearing the cache is not useful since it also clears the refresh token.
Would it be possible to expand `--force-refresh` to be a global parameter? It would probably need to be more clearly named since "force refresh" is clear in the context of `get-access-token` but not in general.
Actually it seems like `force_refresh` does update the token cache, so this issue would be resolved by performing `az account get-access-token --force-refresh > /dev/null` to force cached token update and then performing the desired operation. Looking forward to #17578 being implemented.
Related command
`az account`

Is your feature request related to a problem? Please describe.
Some scenarios require refreshing the cached access token of an account, for example when a user's group membership changes as a consequence of PIM for Groups.

Describe the solution you'd like
Provide a mechanism to refresh the cached access token of an account e.g. `az account refresh-access-token`.

Describe alternatives you've considered
Waiting for token expiration or performing `az logout` and `az login`.
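The stale-token situation described in this issue can be checked before deciding whether a refresh is needed. The following is an added example, not code from the issue thread or from Azure CLI: it decodes an access token's claims and compares them with the time of a group membership change. It assumes the token carries `iat`, `exp` and `groups` claims; `token_status`, `make_sample_token` and the group id are hypothetical names and constructed values.

```python
import base64
import json
import time

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only (the signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_status(token: str, group_id: str, changed_at: float, now=None) -> str:
    """Classify a cached access token against a group membership change.

    changed_at: epoch seconds when the membership (e.g. a PIM activation) took effect.
    """
    now = time.time() if now is None else now
    claims = jwt_claims(token)
    if claims["exp"] <= now:
        return "expired"   # the next acquisition fetches a new token anyway
    if group_id in claims.get("groups", []):
        return "current"   # token already reflects the membership
    if "groups" in claims.get("_claim_names", {}):
        return "unknown"   # group overage: memberships are not inlined in the token
    if claims["iat"] < changed_at:
        return "stale"     # issued before the change: a refreshed token is needed
    return "missing"       # issued after the change, yet the group is absent

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    GROUP = "11111111-1111-1111-1111-111111111111"  # constructed group object id
    tok = make_sample_token({"iat": 1000, "exp": 5000, "groups": []})
    print(token_status(tok, GROUP, changed_at=2000, now=3000))
```

A real token for inspection can be obtained with `az account get-access-token --query accessToken -o tsv`; treat the output as a credential and keep it out of logs and shell history.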