Skip to content

Fetch an access token using az account get-access-token for resource-A using resource-B with a scope for resource-A in its list of configured permissions? #29071

Description

@nlykkei

Related command
az account get-access-token ...

Is your feature request related to a problem? Please describe.
After having preauthorized the Azure CLI for an application object (resource), I often use the following command to fetch a token for the resource for the preauthorized scope(s), e.g. user_impersonation:

az account get-access-token --resource api://779d25c3-6c74-4875-b5ae-ef9b5a04b1e8

Describe the solution you'd like
Now consider the case, where I have configured the resource with permissions for e.g. MS Graph User.Read.

In that case, I would like to use Azure CLI to fetch a token for MS Graph, with User.Read scope, using the resource, like I would normally do using the authorization code grant flow: sign-in to the resource and specify a scope of User.Read, resulting in a token for MS Graph with User.Read scope.

Describe alternatives you've considered
Currently, I need to use, e.g. Postman, to fetch a token for MS Graph using the resource in the authorization code grant flow.

Additional context
None

Metadata

Metadata

Labels

ARMaz resource/group/lock/tag/deployment/policy/managementapp/account management-groupAuto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamact-identity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type
No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions