[Bug/Feature] persistent self hosted runner -> multiple runners on one persistent host

[AndreasAugustin]

Hi dear Azure/login action team,

maybe I am wrong, but I think there is an issue when you have multiple self hosted runners on one persistent host.

Following scenario:

• Azure Linux VM (persistent) with one user
• multiple runners registered (Github enterprise, but I am sure same should apply for Github.com) onto this one VM with same user (started service svc.sh)
• using this github action for login

If I get it right, then the login will write authentication information (tokens,..) into ˜/.azure/.. Due to the fact that we have multiple runners on this one single host registered with the same user, one runner will steal the authentication information for the other jobs. If this is the case, then it is highly dangerous because one runner will run with the credentials of another runner.

Maybe I did not fully get this right and the login is related to the runner and not the user.

If I am right, it would be nice to have the login context related to the runner not the user or at least add a howto/warning if using self hosted runners. Best would be to have one login context per workflow job.