Open et1975 opened 4 months ago
isra-fel
commented
4 months ago I assume in this scenario you have obtained the OBO token from somewhere else and want to use it for authentication of Azure PowerShell? In that case simply run Connect-AzAccount -AccessToken $token. Then all the subsequent cmdlets will use that token for authN.
As of the request to customize correlation ID, we need to think in a bigger picture. Could you share with us the purpose of it or your business scenario?
et1975
commented
3 months ago @isra-fel if you look at the link I posted the scenario is explicitly defined: the internal push to constrain the use of pure S2S via inclusion of OBO token. TL;DR: it specifically states that it's not enough to provide access token for ARM OBO flows - it requires that specific headers be included in addition to the regular Authorization header.
PS: I assume as an MS employee you are familiar with S360 requirements and have access to the 1ES site, but if you don't - feel free to ping me on Teams and I can show you.
Description of the new feature
We'd like to enable scenarios that'd make it possible to use Az powershell with ARM OBO token. Assuming the token itself is just a regular AAD access token we'd still need the ability to specify a couple of required headers.
Proposed implementation details (optional)
A couple of alternatives
-Headersparameters inInvoke-AzRestMethodConnect-AzAccountand inject it in all subsequent ARM calls