Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Starting in version 2.30.0, Azure CLI uses Microsoft Authentication Library (MSAL) as the underlying authentication library. MSAL uses Azure Active Directory v2.0 authentication flow to provide more functionality and increases security for token cache.
Warning
BREAKING CHANGES are introduced in Azure CLI 2.30.0. Carefully read document prior to installation.
accessTokens.json deprecation
Previous versions of Azure CLI saved Azure AD Authentication Library (ADAL) tokens and service principal entries to ~/.azure/accessToken.json. The latest versions of the Azure CLI use MSAL and no longer generate accessTokens.json. Any existing workflow depending on accessTokens.json no longer works.
The MSAL token cache and service principal entries are saved as encrypted files on Windows, and plaintext files on Linux and macOS.
Important
When using Azure CLI in a pipeline like Azure DevOps, ensure all tasks and stages are using versions of Azure CLI above v2.30.0 for MSAL-based Azure CLI. Azure CLI 2.30.0 is not backwards compatible with prior versions and throws an error when working with versions prior to 2.30.0.
Alternatives to consider
Alternatives you may consider for stability:
Calling az account get-access-token
You can manually call az account get-access-token in a terminal or use a subprocess to call it from another programming language. By default, the returned access token is for Azure Resource Manager (ARM) and the default subscription/tenant shown in az account show.
# get the active subscription
az account show --output table
# get access token for the active subscription
az account get-access-token
# get access token for a specific subscription
az account get-access-token --subscription "<subscription ID or name>"
To learn more about the access tokens, see Sign in with Azure CLI.
Using AzureCliCredential
AzureCliCredential is a credential type in all existing language SDKs. It uses subprocess to call az account get-access-token to get an access token for the current logged-in account.
See also
- MSAL
- Python
- AzureCliCredential Class in Python
- .NET
- AzureCliCredential Class in .NET
- Java
- AzureCliCredential Class in Java
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
