MicrosoftDocs/azure-docs-powershell

tokencache.dat should be replaced by msal.cache for newer PS version in doc

Riiiiika opened this issue · 3 comments

In the introduction below, it says the user needs to mount the TokenCache.dat file to the azure-powershell container to use host authentication:

However, there's no such file under /root/Azure; only one empty directory called "tokencache.dat" exists (the bak files are backups made during testing):

So when we run the PowerShell Docker container with the command listed in the doc, we can't actually get a token in the container. The AzContext is passed into the container successfully if you run Get-AzContext; however, when running other basic commands like Get-AzSubscription or Get-AzResource, it throws an error saying "SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache":

I did some research and found that the token cache file changed after Az.Accounts 2.x, so the actual token cache file should be ~/.local/share/.IdentityService/msal.cache on CentOS (not tested on other Linux distros), and ~/.IdentityService/msal.cache on Windows.

Based on this, if I run the command below, I can get Azure resources successfully with host authentication in the azure-powershell container (tested with Azure China Cloud in the screenshot):

```
docker run -it -v ~/.Azure/AzureRmContext.json:/root/.Azure/AzureRmContext.json -v ~/.local/share/.IdentityService/msal.cache:/root/.local/share/.IdentityService/msal.cache mcr.microsoft.com/azure-powershell pwsh
```


@Riiiiika Thanks for your feedback! We will investigate and update as appropriate.

dcaro commented

@Riiiiika this is correct, we moved to MSAL with Az.Accounts v2.x and the cache has not only changed location but is now encrypted.
We will update the article, thanks for reporting.

@Riiiiika The host authentication section has been removed from the documentation. This is no longer an option because the cache is now encrypted.