What does `--auth-type login` mean in Azure CLI?

What does `--auth-type login` mean in Azure CLI? According to the documentation, it "Indicates whether the operation should auto-derive a policy key or use the current Azure AD session."

The command below is an example to get a list of devices in IoT Hub. But it fails with an authorization error.

```
$ az iot hub device-identity list -n {hub name} --auth-type login
{'Message': '{"errorCode":401003,"trackingId":"trackingIdhere","message":"Principal live.com#[email protected] is not authorized for POST on /devices/query due to no assigned permissions","timestampUtc":"2021-05-31T13:16:16.2433062Z"}', 'ExceptionMessage': ''}
```

Without `--auth-type login` (which means `--auth-type key` by default), however, it successfully completes the execution.

It is strange that `--auth-type login` gives an authorization error because I am logged in as an owner of the resource. Maybe I misunderstand the purpose of `--auth-type login`.

So what does `--auth-type login` mean exactly?

There are 1 best solutions below

You're right, when you log in using `--auth-type login` you're using the logged-in user principal's token. Make sure you have the right permissions to the IoT Hub.

This is what I found in the Azure CLI updates on Azure's GitHub:

Most commands against IoT Hub support Azure AD based access. The type of auth used to execute commands can be controlled with the "--auth-type" parameter which accepts the values "key" or "login". The value of "key" is set by default. When "--auth-type" has the value of "key", like before the CLI will auto-discover a suitable policy when interacting with iothub. When "--auth-type" has the value "login", an access token from the Azure CLI logged in principal will be used for the operation.

Owner role should be more than sufficient. If you recently assigned the role via RBAC, try to do an `az logout` followed by an `az login` to see if it helps. I've seen many similar issues related to just minor delays in role propagation. However, your issue could be different. Take a look at this which gives some interesting insights as to what could be happening.
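
An added example, not part of the original question or answer and not Azure CLI code: a small triage helper that unpacks the error text shown in the question (a Python-style dict whose `Message` field holds a JSON document) and reports which principal was denied which operation, which confirms that the logged-in principal's token, not a policy key, was used. The function names are hypothetical and the principal in the sample is a constructed placeholder.

```python
import ast
import json
import re

# Constructed sample modelled on the output in the question; the principal
# is a placeholder, the other fields are copied from the page.
SAMPLE = (
    "{'Message': '"
    '{"errorCode":401003,"trackingId":"trackingIdhere",'
    '"message":"Principal live.com#user@example.com is not authorized for POST '
    'on /devices/query due to no assigned permissions",'
    '"timestampUtc":"2021-05-31T13:16:16.2433062Z"}'
    "', 'ExceptionMessage': ''}"
)

# Shape of the denial sentence as it appears in the question's output.
DENIED = re.compile(
    r"Principal (?P<principal>\S+) is not authorized for "
    r"(?P<method>[A-Z]+) on (?P<path>\S+) due to (?P<reason>.+)$"
)


def parse_cli_error(text):
    """Return the inner JSON error document, or None if the text is not one."""
    try:
        outer = ast.literal_eval(text.strip())   # outer layer: Python-style dict
        return json.loads(outer["Message"])      # inner layer: JSON string
    except (ValueError, SyntaxError, KeyError, TypeError):
        return None


def triage(text):
    """Summarise an IoT Hub error and flag a denial of the token's principal."""
    inner = parse_cli_error(text)
    if inner is None:
        return None
    result = {
        "error_code": inner.get("errorCode"),
        "tracking_id": inner.get("trackingId"),
        "timestamp": inner.get("timestampUtc"),
        "token_principal_denied": False,
    }
    match = DENIED.search(inner.get("message", ""))
    if match:
        # The service named a principal, so the request carried that
        # principal's access token (--auth-type login), not a policy key.
        result.update(match.groupdict(), token_principal_denied=True)
    return result


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The `principal`, `method` and `path` fields identify exactly which identity and operation to check when reviewing role assignments on the hub.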