Allow cross tenant subscription rest api

[cveld]

Related command

az rest --method post --uri "https://management.azure.com/subscriptions/customersubscription/resourceGroups/rg-managedapp/providers/Microsoft.Solutions/applications/mymanagedapp/listTokens?api-version=2018-09-01-preview"

Is your feature request related to a problem? Please describe.

I have a managed app published, I want to retrieve the managed identity access token. This must be done with a publisher identity (or a managed identity in the managed resource group, but that is not the scenario I am playing). Unfortunately az rest first checks if the subscription is known before submitting the rest http call. The publisher identity does not see this subscription as it is connected with the consumer tenant.

Describe the solution you'd like

I would like to have a flag to skip the subscription check.

Describe alternatives you've considered

With az account get-access-token I can get a token, and then use regular curl.

Additional context

See https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/publish-managed-identity#accessing-the-managed-identity-token where this is documented.

[yonzhan]

Thank you for opening this issue, we will look into it.

[cveld]

I believe I was wrong - I just needed to run az login again to fetch the updated list of visible subscriptions. Now the az cli command runs fine. Maybe it is still an idea to add a flag to ignore the subscription check? And maybe it is nice to have a refresh subscriptions option without having to authenticate again?