Related command
az login
Is your feature request related to a problem? Please describe.
Currently Azure CLI uses a fixed client ID to authenticate into AAD
|
AZURE_CLI_CLIENT_ID = '04b07795-8ddb-461a-bbee-02f9e1bf7b46' |
This client ID 04b07795-8ddb-461a-bbee-02f9e1bf7b46 is a First Party Application, registered in First Party Portal.
This application is only pre-authorized for a limited set of Microsoft Graph permissions. Using Azure CLI command az rest to call trustFrameworkKeySet API which requires TrustFrameworkKeySet.Read.All, TrustFrameworkKeySet.ReadWrite.All will fail (#22755).
Describe the solution you'd like
Support custom client ID, so that users can create their own app in their tenant, consent to that app and let Azure CLI use that app’s client ID:
Describe alternatives you've considered
Apply for those permissions in First Party Portal to support these APIs.
Related command
az loginIs your feature request related to a problem? Please describe.
Currently Azure CLI uses a fixed client ID to authenticate into AAD
azure-cli/src/azure-cli-core/azure/cli/core/auth/identity.py
Line 22 in 1d973cc
This client ID
04b07795-8ddb-461a-bbee-02f9e1bf7b46is a First Party Application, registered in First Party Portal.This application is only pre-authorized for a limited set of Microsoft Graph permissions. Using Azure CLI command
az restto call trustFrameworkKeySet API which requires TrustFrameworkKeySet.Read.All, TrustFrameworkKeySet.ReadWrite.All will fail (#22755).Describe the solution you'd like
Support custom client ID, so that users can create their own app in their tenant, consent to that app and let Azure CLI use that app’s client ID:
Describe alternatives you've considered
Apply for those permissions in First Party Portal to support these APIs.