In az login, add --use-auth-code flag to trigger auth code authentication flow even on computers without detected browsers. Today, the only way to trigger it is to have a browser installed but this suggested flag would just print out URL instead of opening a tab in browser if a browser does not exist.
Is your feature request related to a problem? Please describe.
We use our local conditional access enabled browser to login to Azure when using vscode remote containers. This function would enable enterprises using conditional access in Azure to use Azure CLI in their development containers.
Describe the solution you'd like
Just like forcing device code we'd like to use auth code challenge even on machines without browser installed. The expected behavior is that the challenge URL will be printed (if no browser installed). This would enable us to manually use that URL to login through another browser (that complies with conditional access policies) by completing the challenge and then sending a request to the callback URL ourselves in the machine that provided us the URL.
Alternatives considered
We can still get this working by installing e.g. terminal-based browser on the Linux to get the URL as workaround but it's more painful and not an enterprise-wide scalable experience.
In
az login, add--use-auth-codeflag to trigger auth code authentication flow even on computers without detected browsers. Today, the only way to trigger it is to have a browser installed but this suggested flag would just print out URL instead of opening a tab in browser if a browser does not exist.Is your feature request related to a problem? Please describe.
We use our local conditional access enabled browser to login to Azure when using vscode remote containers. This function would enable enterprises using conditional access in Azure to use Azure CLI in their development containers.
Describe the solution you'd like
Just like forcing device code we'd like to use auth code challenge even on machines without browser installed. The expected behavior is that the challenge URL will be printed (if no browser installed). This would enable us to manually use that URL to login through another browser (that complies with conditional access policies) by completing the challenge and then sending a request to the callback URL ourselves in the machine that provided us the URL.
Alternatives considered
We can still get this working by installing e.g. terminal-based browser on the Linux to get the URL as workaround but it's more painful and not an enterprise-wide scalable experience.