Azure / azure-cli

Azure Command-Line Interface
MIT License
4.01k stars 2.98k forks source link

For service principal authentication, replace `--username` with `--client-id`, replace `--password` with `--client-secret`, `--certificate` #29481

Open jiasli opened 3 months ago

jiasli commented 3 months ago

Related command az login --identity

Is your feature request related to a problem? Please describe. Azure CLI uses below arguments for service principal authentication:

such as

az login --service-principal --username xxx --password xxx --tenant xxx

These arguments are also used in user authentication:

az login --username xxx --password xxx --tenant xxx

Reusing --username and --password for both user and service principal authentication can be confusing.

Describe the solution you'd like To be consistent with OAuth 2.0 client credentials flow parameters,

When supporting OIDC authentication, --federated-token is introduced, instead of reusing --password.

Describe alternatives you've considered

Additional context --identity may require similar changes: https://github.com/Azure/azure-cli/issues/29480

yonzhan commented 3 months ago

Thank you for opening this issue, we will look into it.