
Error: building account: could not acquire access token to parse claims:

Open johnwildes opened this issue 1 year ago • 1 comment

I have authenticated to az cli using my Entra ID account. I used az login --use-device-code and set my default subscription.

I ran the command aztfexport resource-group <rgname> and receive the error listed below.

Any idea why I would be getting this error if I'm authenticated locally on my machine? Where is aztfexport trying to use my credential to authenticate, such that I would receive a conditional access error, if it's supposed to be running on my machine where I'm already authenticated?

I have no issues running az cli commands locally or even in the cloud shell.

exit status 1

  Error: building account: could not acquire access token to parse claims: running Azure CLI: exit status 1: ERROR:
  AADSTS50005: User tried to log in to a device from a platform (Unknown) that's currently not supported through
  Conditional Access policy. Supported device platforms are: iOS, Android, Mac, and Windows flavors. Trace ID:
  105fd51e-db51-4a7e-883c-f8cb9bf81800 Correlation ID: 18c9e6ca-314d-4de2-96dd-5549adaba347 Timestamp: 2025-01-08


  az login --scope https://graph.microsoft.com/.default

    with provider["registry.terraform.io/hashicorp/azurerm"],
    on C:\Users\914239\AppData\Local\Temp\aztfexport-3758608741\provider.tf line 1, in provider "azurerm":
     1: provider "azurerm" {

johnwildes, Jan 08 '25 17:01

@johnwildes Your organization has enabled a conditional access policy that forbids logging in with the msgraph scope on an unsupported OS (presumably it is Linux, as I encountered this as well). You can reproduce this by running az login --scope https://graph.microsoft.com/.default directly.

The azurerm provider requires the msgraph token during its initialization. That's why aztfexport raised this error. However, if you use the azapi provider (by specifying --provider-name azapi), it shall only request the arm scope. You can give it a try.

Otherwise, you can try another auth method like SP + secret to see how it goes. (Sorry that I don't have a Linux machine right now, so I can't test this...)

magodo, Jan 08 '25 23:01
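The reply above boils down to a scope check: the azurerm provider needs a Microsoft Graph token at init, the azapi provider only needs an ARM token, and a Conditional Access device-platform rule can block the first while allowing the second. The script below is an added diagnostic helper, not code from aztfexport, the azurerm provider, or either participant in this thread. It assumes a logged-in az CLI, that the AADSTS code appears in az's stderr exactly as it does in the issue text, and that the ARM_CLIENT_ID / ARM_CLIENT_SECRET / ARM_TENANT_ID / ARM_SUBSCRIPTION_ID variables are the ones read for service-principal auth. The live probe only runs when RUN_PROBE=1 is set; the parsing and decision functions run offline.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not part of aztfexport).
# Probes whether the current az CLI session can get tokens for the Graph
# and ARM scopes, then suggests how to run aztfexport accordingly.
set -euo pipefail

GRAPH_SCOPE="https://graph.microsoft.com/.default"
ARM_SCOPE="https://management.azure.com/.default"

# Extract the first AADSTS error code from CLI stderr text (empty if none).
aadsts_code() {
  printf '%s\n' "$1" | grep -o 'AADSTS[0-9]*' | head -n 1 || true
}

# Decide how to run aztfexport from the probe results ("ok" or "fail").
# azurerm needs a Graph token at init; azapi only needs an ARM token.
# If neither scope works, the CLI session itself is unusable, so fall back
# to a service principal + secret (assumed ARM_* environment variables).
choose_provider() {
  local graph=$1 arm=$2
  if [ "$graph" = ok ]; then
    echo azurerm
  elif [ "$arm" = ok ]; then
    echo azapi
  else
    echo sp
  fi
}

# Render the suggested command line for a given decision.
suggest_command() {
  case $1 in
    azurerm) echo 'aztfexport resource-group <rgname>' ;;
    azapi)   echo 'aztfexport resource-group --provider-name azapi <rgname>' ;;
    sp)      echo 'ARM_CLIENT_ID=... ARM_CLIENT_SECRET=... ARM_TENANT_ID=... ARM_SUBSCRIPTION_ID=... aztfexport resource-group <rgname>' ;;
    *)       echo "unknown decision: $1" >&2; return 1 ;;
  esac
}

# Live check: ask az for a token for one scope; print "ok" or "fail <AADSTS code>".
# Captures stderr only, so the token itself is never printed.
probe_scope() {
  local scope=$1 err code
  if err=$(az account get-access-token --scope "$scope" --query accessToken -o tsv 2>&1 >/dev/null); then
    echo ok
  else
    code=$(aadsts_code "$err")
    echo "fail${code:+ $code}"
  fi
}

if [ "${RUN_PROBE:-0}" = 1 ]; then
  graph=$(probe_scope "$GRAPH_SCOPE")
  arm=$(probe_scope "$ARM_SCOPE")
  echo "graph scope: $graph"
  echo "arm scope:   $arm"
  decision=$(choose_provider "${graph%% *}" "${arm%% *}")
  echo "suggested:   $(suggest_command "$decision")"
fi
```

Run it as RUN_PROBE=1 ./probe.sh on the machine that fails; a "fail AADSTS50005" line for the Graph scope next to "ok" for the ARM scope confirms the Conditional Access explanation, and the suggested command is the azapi variant.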