Azure / ms-rest-nodeauth

node.js based authentication library for Azure with type definitions
MIT License

No subscriptions found when using personal or trial Azure accounts with interactive login #89

Closed ramya-rao-a closed 4 years ago

ramya-rao-a commented 4 years ago

The interactiveLoginWithAuthResponse() login method which is an alias for withInteractiveWithAuthResponse() is expected to return a credential and list of associated subscriptions.

While investigating https://github.com/Azure/ng-deploy-azure/issues/55, it was found that this method returned no subscriptions when using personal or trial Azure accounts.

The workaround being tried is to get a list of all tenants and pass the first one to interactiveLoginWithAuthResponse() one more time. The list is created by calling the internal buildTenantList helper function.

While this workaround works, it is not advisable to do so as it takes a dependency on an internal function that can change any day. Also, the right fix should go to interactiveLoginWithAuthResponse(). Also, there is no guarantee that the first value in the tenant list is the right one to use.

https://github.com/Azure/ms-rest-nodeauth/blob/master/lib/login.ts#L511-L512 shows that we do get all applicable tenants and then all applicable subscriptions for each of the tenants. So, the expectation out of this login method would be to return all subscriptions.

cc @shmool who came up with the workaround

cc @jonathandturnerm, @daviwil

sadasant commented 4 years ago

Here's what's going on:

When we authenticate with the Azure Active Directory (AAD), it attempts to associate the authenticating user with a target "directory". This directory is specified by the given "domain". If no domain is specified, the "common" domain is assumed. In this common domain, while organizations might have shared resources, personal accounts will show nothing. In AAD v2, the "organizations" domain was added, to allow users to authenticate and view all of the available resources regardless of the type of account they might have. Since ms-rest-nodeauth only supports AAD v1, we have to change the domain after authenticating.

This is what we're proposing with the pull request #91, which includes documentation changes, code changes and a sample file.
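The two-step flow described above (authenticate against "common", then re-authenticate with a tenant domain), as an added example that is not code from the issue or from ms-rest-nodeauth; it goes one step further than the workaround by signing in to every tenant instead of trusting the first one. The `login` and `listTenants` parameters are assumed stand-ins for interactiveLoginWithAuthResponse() and a tenant-listing helper, injected so the flow can run offline against constructed fakes.

```javascript
// Added example; not the library's code. `login` is assumed to behave like
// interactiveLoginWithAuthResponse(options) and resolve to
// { credentials, subscriptions }; `listTenants` is assumed to resolve to an
// array of tenant ids reachable with a credential.
async function loginAllTenants(login, listTenants) {
  // Step 1: authenticate with no domain, i.e. against the "common" endpoint.
  const first = await login({});
  if (first.subscriptions.length > 0) {
    return first; // organizational account: subscriptions already visible
  }
  // Step 2: personal/trial accounts see nothing under "common", so list the
  // tenants the authenticated user belongs to...
  const tenants = await listTenants(first.credentials);
  // Step 3: ...and sign in to each tenant, merging subscriptions and keeping
  // the credential that produced them, instead of assuming the first tenant
  // is the right one.
  const merged = [];
  const credentialsByTenant = {};
  for (const tenantId of tenants) {
    const res = await login({ domain: tenantId });
    credentialsByTenant[tenantId] = res.credentials;
    for (const sub of res.subscriptions) {
      merged.push({ ...sub, tenantId });
    }
  }
  return { credentials: first.credentials, subscriptions: merged, credentialsByTenant };
}

// Constructed fakes standing in for AAD so the flow runs offline.
// tenant-a deliberately holds no subscriptions: picking the first tenant
// blindly would miss the trial subscription that lives in tenant-b.
const FAKE_TENANTS = {
  "tenant-a": [],
  "tenant-b": [{ id: "sub-1", name: "Free Trial" }],
};
async function fakeLogin(options) {
  const domain = options.domain || "common";
  const subs = domain === "common" ? [] : FAKE_TENANTS[domain] || [];
  return { credentials: { domain }, subscriptions: subs };
}
async function fakeListTenants() {
  return Object.keys(FAKE_TENANTS);
}
```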

ramya-rao-a commented 4 years ago

With the latest version 3.0.5 of the package, we now have

@shmool, with these changes you can update the loginToAzure method in ng-deploy-azure to avoid the double login.