Add more non-interactive authentication modes · Azure/azure-cli#7594

(3 评论) (0 反应) (0 负责人)Python (3,786 star) (2,854 fork)batch import

Accountact-identity-squadfeature-requesthelp wanted

描述

Is your feature request related to a problem? Please describe. I am frustrated when trying to run Azure CLI from PowerShell silently.

az login currently supports these non-interactive authentication modes:

I would like to see some more that are mostly applicable to Windows environments.

Describe the solution you'd like

login with SP certificate coming from a certificate store (Windows only)
login with an existing access token obtained for the appropriate audience, such as piping Azure PowerShell access token into Azure CLI.
single sign-on with Windows identity from a domain environment connected to an AAD tenant with ADFS

I don't want to provide any credentials (user credentials or SP ID / Key) via CLI to login silently, because it's the least secure option. However, it's fine if I can't use single sign on if I am stopped by MFA.

Describe alternatives you've considered We are now trialing login with user assigned managed identity case with preview managed identities.

Additional context I am trying to call az acr build and az acr repository commands from PowerShell, because Azure PowerShell set of ACR commands is lacking.

贡献者指南

技术栈: python
领域: authenticationclicloud
议题类型: feature
难度: 4
预计时间: over 1 week
活动状态: stale
清晰度: needs investigation
前置要求: Azure CLI codebaseAzure AD authenticationCertificate store integration
新手友好度: 25
研究方向: Explore the Azure CLI authentication implementation in the 'azure cli core' package, specifically files like 'auth.py' and 'custom.py' in the profile module. Review the existing non interactive authentication modes to understand the architecture. Investigate the Azure SDK for Python documentation on certificate authentication and token based authentication. Check the thread for any maintainer responses or additional feature requests.