Context

When a user runs az login, it saves ADAL refresh tokens and access tokens to ~/.azure/accessToken.json. Azure CLI users or SDKs may use accessToken.json to authenticate to Azure APIs.

Explanation

Azure CLI is a python application and each command execution is a separate process, so commands don't share the same memory space and credentials can't be saved at process level.

accessTokens.json deprecation

After #18944, Azure CLI will use MSAL and will no longer generate accessTokens.json. Tokens will be saved to an encrypted token cache using MSAL extension.

The MSAL token cache will be encrypted on Windows, macOS and Linux with a desktop environment; therefore, directly accessing the MSAL token cache will not work. Any existing workflow depending on accessTokens.json will stop working.

Alternatives

Below are several alternatives you may consider:

Calling az account get-access-token

You can manually call az account get-access-token in a terminal or use subprocess to call it from another programming language.

Using AzureCliCredential

AzureCliCredential is a credential type in all existing language SDKs. It internally uses subprocess to call az account get-access-token to gets an access token from current logged in Azure CLI accounts.