What does --auth-type login mean in Azure CLI?
According to the documentation, it "Indicates whether the operation should auto-derive a policy key or use the current Azure AD session".
The command below is an example to get a list of devices in IoT Hub. But it fails with an authorization error.
$ az iot hub device-identity list -n {hub name} --auth-type login
{'Message': '{"errorCode":401003,"trackingId":"trackingIdhere","message":"Principal live.com#[email protected] is not authorized for POST on /devices/query due to no assigned permissions","timestampUtc":"2021-05-31T13:16:16.2433062Z"}', 'ExceptionMessage': ''}
Without --auth-type login (which means --auth-type key by default), however, it successfully completes the execution.
It is strange that --auth-type login gives an authorization error because I am logged in as an owner of the resource.
Maybe I misunderstand the purpose of --auth-type login.
So what does --auth-type login mean exactly?
You're right, when you log in using --auth-type login you're using the logged-in user principal's token. Make sure you have the right permissions to the IoT Hub. This is what I found on the Az CLI updates on Azure's GitHub:
Owner role should be more than sufficient. If you recently assigned the role via RBAC, try to do an az logout followed by an az login to see if it helps. I've seen many similar issues related to just minor delays in role propagation. However, your issue could be different. Take a look at this which gives some interesting insights as to what could be happening.
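As an added example (not part of the question or the answers above), the following Python code unwraps the error output quoted in the question and pulls out which principal was refused which operation, so the role assignments of exactly that principal can be checked. The function names parse_denial and is_permission_denial are hypothetical, and the sample input is constructed with a placeholder principal, tracking id and timestamp.

```python
import ast
import json
import re

# Constructed sample in the shape of the CLI output quoted in the question;
# the principal, tracking id and timestamp are placeholders.
SAMPLE = (
    "{'Message': '{\"errorCode\":401003,\"trackingId\":\"PLACEHOLDER\","
    "\"message\":\"Principal live.com#user@example.com is not authorized for "
    "POST on /devices/query due to no assigned permissions\","
    "\"timestampUtc\":\"2021-01-01T00:00:00Z\"}', 'ExceptionMessage': ''}"
)

# Wording of the service message as it appears in the question.
DENIED = re.compile(
    r"Principal (?P<principal>.+?) is not authorized for "
    r"(?P<method>[A-Z]+) on (?P<path>\S+) due to (?P<reason>.+)"
)


def parse_denial(cli_output: str) -> dict:
    """Unwrap the Python-style outer dict, then the JSON held in 'Message'."""
    outer = ast.literal_eval(cli_output.strip())
    inner = json.loads(outer["Message"])
    result = {
        "errorCode": inner.get("errorCode"),
        "trackingId": inner.get("trackingId"),
    }
    match = DENIED.search(inner.get("message", ""))
    if match:
        result.update(match.groupdict())
    return result


def is_permission_denial(parsed: dict) -> bool:
    """True when the service named a principal and said it has no permissions."""
    return "principal" in parsed and "no assigned permissions" in parsed.get("reason", "")


if __name__ == "__main__":
    info = parse_denial(SAMPLE)
    print(info)
    print("permission denial for signed-in principal:", is_permission_denial(info))
```

The principal field shows the identity the hub evaluated when --auth-type login was used, which is the identity whose role assignments on the hub need to be inspected.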