Enhancement Request: azurerm backend OIDC (Workload Identity federation) authentication support for token refresh

[jaredfholgate]

Terraform Version

latest

Use Cases

As a Terraform user with remote state in Azure Blob Storage, I want to use OIDC (Workload identity federation) authentication with Azure DevOps and not have to worry about id token expiration.

Attempted Solutions

There are no good work arounds for this.

Proposal

Use the new azurepiplinescredential classes to automatically refresh the id token: https://devblogs.microsoft.com/azure-sdk/improve-security-posture-in-azure-service-connections-with-azurepipelinescredential/

References

• Enhancement Request: azurerm backend authentication upgrade to match provider #34322 (related)

[crw]

Thanks for this feature request! If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions. Thanks again!