JWK key export key parameters as keyOps instead of key_ops #30754

@GKotfis

Describe the bug

According to RFC 7517, Key Parameters should be presented as key_ops.

Example output:

{
  "crv": "P-256",
  "d": null,
  "dp": null,
  "dq": null,
  "e": null,
  "k": null,
  "keyOps": [
    "sign",
    "verify"
  ],
  "kid": "",
  "kty": "EC",
  "n": null,
  "p": null,
  "q": null,
  "qi": null,
  "t": null,
  "x": "-----",
  "y": "-----"
}

Related command

az keyvault key show --vault-name "vault_name" --name "key_name" --query key

Errors

no errors

Issue script & Debug output

cli.knack.cli: Command arguments: ['keyvault', 'key', 'show', '--vault-name', 'vault_name', '--name', 'key_name', '--query', 'key', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x1055d56c0>, <function OutputProducer.on_global_arguments at 0x10569c900>, <function CLIQuery.on_global_arguments at 0x1056ca3e0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'keyvault': ['azure.cli.command_modules.keyvault']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: keyvault 0.006 20 113
cli.azure.cli.core: Total (1) 0.006 20 113
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 20 groups, 113 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : keyvault key show
cli.azure.cli.core: Command table: keyvault key show
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x10645b420>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users/grzegorzkotfis/.azure/commands/2025-02-04.09-35-26.keyvault_key_show.51884.log'.
az_command_data_logger: command args: keyvault key show --vault-name {} --name {} --query {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x106489ee0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x1064cc180>, <function register_cache_arguments..add_cache_arguments at 0x1064cc2c0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x10569c9a0>, <function CLIQuery.handle_query_parameter at 0x1056ca480>, <function register_ids_argument..parse_ids_arguments at 0x1064cc220>]
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/grzegorzkotfis/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/username/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891
msal.authority: openid_config("https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/8ea908c1-4e85-4692-bc3f-3646b9b40891/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
urllib3.connectionpool: Starting new HTTPS connection (1): dev-kv.vault.azure.net:443
urllib3.connectionpool: https://dev-kv.vault.azure.net:443 "GET /keys/swan-server-consent-key/?api-version=7.5-preview.1 HTTP/1.1" 401 97
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://vault.azure.net/.default',), kwargs={'tenant_id': '8ea908c1-4e85-4692-bc3f-3646b9b40891'}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://vault.azure.net/.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: d70d83c2-97c6-4a34-9c61-5be6f9f8dbf1
urllib3.connectionpool: https://dev-kv.vault.azure.net:443 "GET /keys/key-name/?api-version=7.5-preview.1 HTTP/1.1" 200 437
cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x1064a91c0>, <function _x509_from_base64_to_hex_transform at 0x1064a9260>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult [<function CLIQuery.handle_query_parameter..filter_output at 0x106b33880>]
{
"crv": "P-256",
"d": null,
"dp": null,
"dq": null,
"e": null,
"k": null,
"keyOps": [
"sign",
"verify"
],
"kty": "EC",
"n": null,
"p": null,
"q": null,
"qi": null,
"t": null,
"x": "-------",
"y": "-------"
}
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x10645b6a0>]
az_command_data_logger: exit code: 0
cli.main: Command ran in 0.953 seconds (init: 0.118, invoke: 0.835)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3736 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/opt/homebrew/Cellar/azure-cli/2.61.0/libexec/bin/python /opt/homebrew/Cellar/azure-cli/2.61.0/libexec/lib/python3.11/site-packages/azure/cli/telemetry/init.py /Users/username/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

Show JWK with a key_ops prop name for key parameters

Environment Summary

azure-cli 2.61.0 *

core 2.61.0 *
telemetry 1.1.0

Extensions:
application-insights 1.0.0

Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1

Additional context

No response
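
A client-side normalization of the output shown in this issue, as an added example (not code from Azure CLI or from the issue author): it renames keyOps to the RFC 7517 member name key_ops, omits null members, and refuses to emit private key members. The function name, the sample values and the choice to drop an empty kid are assumptions; x and y are passed through without checking their encoding.

```python
import json

# Member names as printed by the CLI that differ from the RFC 7517 names.
RENAMES = {"keyOps": "key_ops"}
# Private or symmetric key material (RFC 7518) that must not reach a public JWK.
PRIVATE = {"d", "dp", "dq", "p", "q", "qi", "k"}


def to_rfc7517_jwk(cli_key: dict) -> dict:
    """Convert the object printed by `--query key` to RFC 7517 member names."""
    jwk = {}
    for name, value in cli_key.items():
        if value is None or value == "":
            # The CLI prints unset members as null; a JWK simply omits them.
            # Dropping empty strings (such as an empty kid) is a choice made here.
            continue
        name = RENAMES.get(name, name)
        if name in PRIVATE:
            raise ValueError(f"refusing to emit private member {name!r}")
        jwk[name] = value
    if "kty" not in jwk:
        raise ValueError("kty is required in a JWK")
    ops = jwk.get("key_ops", [])
    if len(ops) != len(set(ops)):
        # RFC 7517 section 4.3: duplicate key operation values must not be present.
        raise ValueError("duplicate values in key_ops")
    return jwk


# Constructed sample shaped like the output in this issue; x and y are placeholders.
SAMPLE = json.loads("""
{"crv": "P-256", "d": null, "dp": null, "dq": null, "e": null, "k": null,
 "keyOps": ["sign", "verify"], "kid": "", "kty": "EC", "n": null, "p": null,
 "q": null, "qi": null, "t": null, "x": "PLACEHOLDER_X", "y": "PLACEHOLDER_Y"}
""")

if __name__ == "__main__":
    print(json.dumps(to_rfc7517_jwk(SAMPLE), indent=2, sort_keys=True))
```
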

Labels

Auto-Assign: Auto assign by bot
Auto-Resolve: Auto resolve by bot
Azure CLI Team: The command of the issue is owned by Azure CLI team
KeyVault: az keyvault
OKR Candidate: This label is used to track how many GitHub issues we have resolved for OKR purpose.
customer-reported: Issues that are reported by GitHub users external to the Azure organization.
needs-author-feedback: More information is needed from author to address the issue.
no-recent-activity: There has been no recent activity on this issue.
question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
