az login in azure-cli 2.76.0 does not support authentication with a security key #31917
Description
Describe the bug
The az login flow to authenticate seems to directly fail with a 403 error instead of offering the selection menu to use a device or security key (see attached screenshot for the expected screen).
Workaround
The only workaround currently is to first login through a web browser to revert back to password+MFA and then use the az login to get a session token (as it properly supports password+MFA authentication)
Related command
Reproducer
- Run
az login - In the dialog, select "Use professional or school account"
- In the next dialog, type in the login ([email protected])
- When clicking next, 403 error dialog
Errors
Issue
When trying to login with my admin account set to use my Yubikey, the login dialog window returns a 403 error instead of redirecting to the Security key option (attached screenshot is the next step of the login process that does not show with az login but properly works in any web browser).
Issue script & Debug output
n/a
Expected behavior
The login flow should be able to offer the "device or security key" dialog and if not supported, gracefully fallback to the other login methods dialog (to be able to fallback to password+MFA).
Environment Summary
Environment
Windows 11 Enterprise 24H2 (26100.4652)
PowerShell 5.1.26100.4652
azure-cli 2.76.0
core 2.76.0
telemetry 1.1.0
Dependencies:
msal 1.33.0b1
azure-mgmt-resource 23.3.0
Python location 'C:\Users\ursc0504\scoop\apps\azure-cli\current\python.exe'
Config directory 'C:\Users\ursc0504.azure'
Extensions directory 'C:\Users\ursc0504.azure\cliextensions'
Python (Windows) 3.12.10 (tags/v3.12.10:0cc8128, Apr 8 2025, 12:21:36) [MSC v.1943 64 bit (AMD64)]
Additional context
No response