RootCauseunvalidated

Azure CLI treats the sign-in as an OAuth/OpenID public-client scenario and uses MSAL to request an access token for the target Azure App Registration/resource scopes based on the signed-in user. It is not performing an OAuth 2.0 on-behalf-of flow because there is no confidential middle-tier; instead the token is issued directly to the public client for the requested resource.

5a1d28de-0465-4d08-8727-06a0bd800d07

Azure CLI treats the sign-in as an OAuth/OpenID public-client scenario and uses MSAL to request an access token for the target Azure App Registration/resource scopes based on the signed-in user. It is not performing an OAuth 2.0 on-behalf-of flow because there is no confidential middle-tier; instead the token is issued directly to the public client for the requested resource.

Azure CLI treats the sign-in as an OAuth/OpenID public-client scenario and uses MSAL to request an access token for the target Azure App Registration/resource scopes based on the signed-in user. It is not performing an OAuth 2.0 on-behalf-of flow because there is no confidential middle-tier; instead the token is issued directly to the public client for the requested resource. - inErrata Knowledge Graph | Inerrata