Open jikuja opened 2 years ago
And even more things that could be classified as bugs:
login process does full Azure AD interrogation even when user has:
az devops login
If the user has a large number of tenants in their az cli login credentials cache, this will add a huge delay before the actual API call is made.
In my use case the CLI has to make 8 extra queries to https://login.microsoftonline.com/
to fetch a token and another 8 extra calls to validate the token by calling https://dev.azure.com:443/{organization}/_apis/projects?stateFilter=all&$top=1&$skip=0
even though I want to use a PAT.
Does this logic make sense? Is there any documentation on how the current authentication code is supposed to work?
Anything or is this project just dead?
Is your feature request related to a problem? Please describe.
AAD token authentication is really flaky, hides error messages and has terrible UX
Split from issue #1258
Describe the solution you'd like
Rewrite most of the related code
Background Story
Current status
subscriptions = profile.load_cached_subscriptions(False)
loops through the information
token = get_token_from_az_login(profile, key[0])
validate_token_for_instance(organization, credentials)
get_token_from_az_logins()
and _get_credentials()
will raise exception
validate_token_for_instance()
is described later
get_token_from_az_login() problems
https://github.com/Azure/azure-devops-cli-extension/blob/b3d0392d597a2eae5229e96059359d00fbb2e222/azure-devops/azext_devops/dev/common/services.py#L155-L165
profile.get_raw_token()
are masked by logger.debug()
validate_token_for_instance() problems
https://github.com/Azure/azure-devops-cli-extension/blob/b3d0392d597a2eae5229e96059359d00fbb2e222/azure-devops/azext_devops/dev/common/services.py#L86-L98
get_token_from_az_logins() problem
https://github.com/Azure/azure-devops-cli-extension/blob/b3d0392d597a2eae5229e96059359d00fbb2e222/azure-devops/azext_devops/dev/common/services.py#L116-L152
Issues
--debug
--tenant, --allow-no-subscriptions
and maybe even give hint about active subscription selection
Proposed fixes
Add
--tenant
parameter
If the user can apply a tenant id, then the logic of https://github.com/Azure/azure-devops-cli-extension/blob/b3d0392d597a2eae5229e96059359d00fbb2e222/azure-devops/azext_devops/dev/common/services.py#L123-L128 could be simplified and looping through all available tenants is not needed
Request tenant id from Azure Devops service
ADO API returns tenant id with 403 replies
The following headers are returned from ADO:
Looping through all tenant information is not needed if tenant information is fetched from the ADO API.
Removal of token validation
Removal of the tenant loops
(1) https://github.com/Azure/azure-devops-cli-extension/blob/b3d0392d597a2eae5229e96059359d00fbb2e222/azure-devops/azext_devops/dev/common/services.py#L119
(2) this code was broken. Fix is in main but not released yet
Current state:
Future?:
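
The resolution order proposed in this issue (stored PAT first, then a known tenant, and only then a loop over cached tenants), as an added sketch that is not the extension's code and not part of the original post. `resolve_credential`, `get_token`, `discover_tenant`, `AuthError` and `FakeTokenSource` are hypothetical names; the sample assumes a token request fails for every tenant except the organization's own.

```python
from dataclasses import dataclass
from typing import Optional

class AuthError(Exception):
    """Carries every per-tenant failure instead of hiding it at debug level."""
    def __init__(self, failures):
        self.failures = dict(failures)
        detail = "; ".join(f"{t}: {e}" for t, e in self.failures.items())
        super().__init__(f"no usable credential ({detail or 'no tenants to try'})")

@dataclass
class Credential:
    kind: str                      # "pat" or "aad"
    secret: str
    tenant: Optional[str] = None

def resolve_credential(pat, tenant, cached_tenants, get_token, discover_tenant=None):
    """Pick a credential with the fewest identity-provider round trips.

    get_token(tenant_id) -> str and discover_tenant() -> str | None are
    hypothetical callables standing in for the token cache and for a lookup
    of the organization's tenant; they are not the extension's API.
    """
    if pat:                                    # stored PAT: no AAD traffic at all
        return Credential("pat", pat)
    if tenant is None and discover_tenant is not None:
        tenant = discover_tenant()             # one request to the service
    # Known tenant: one attempt. Unknown: the slow loop the issue describes.
    candidates = [tenant] if tenant else list(cached_tenants)
    failures = {}
    for tenant_id in candidates:
        try:
            return Credential("aad", get_token(tenant_id), tenant_id)
        except Exception as exc:               # keep the reason, report it below
            failures[tenant_id] = str(exc)
    raise AuthError(failures)

class FakeTokenSource:
    """Constructed stand-in: only `home` issues a token; counts every request."""
    def __init__(self, home):
        self.home, self.calls = home, 0
    def __call__(self, tenant_id):
        self.calls += 1
        if tenant_id != self.home:
            raise PermissionError("token request rejected (constructed)")
        return f"token-for-{tenant_id}"

TENANTS = [f"tenant-{i}" for i in range(1, 9)]   # constructed: 8 cached tenants
```

With eight cached tenants the loop costs up to eight token requests, a supplied or discovered tenant costs one, and a PAT costs none.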