JWK key export key parameters as keyOps instead of key_ops #30754

Open
GKotfis opened this issue Feb 4, 2025 · 3 comments

GKotfis commented Feb 4, 2025

Describe the bug

According to RFC 7517, Key Parameters should be presented as key_ops.

Example output:

{
  "crv": "P-256",
  "d": null,
  "dp": null,
  "dq": null,
  "e": null,
  "k": null,
  "keyOps": [
    "sign",
    "verify"
  ],
  "kid": "",
  "kty": "EC",
  "n": null,
  "p": null,
  "q": null,
  "qi": null,
  "t": null,
  "x": "-----",
  "y": "-----"
}

Related command

az keyvault key show --vault-name "vault_name" --name "key_name" --query key

Errors

no errors

Issue script & Debug output


Expected behavior

Show JWK with a key_ops prop name for key parameters

Environment Summary

azure-cli 2.61.0 *

core 2.61.0 *
telemetry 1.1.0

Extensions:
application-insights 1.0.0

Dependencies:
msal 1.28.0
azure-mgmt-resource 23.1.1

Additional context

No response

@GKotfis GKotfis added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Feb 4, 2025

Hi @GKotfis,

2.61.0 is not the latest Azure CLI (2.68.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

@azure-client-tools-bot-prd azure-client-tools-bot-prd bot added the Auto-Resolve Auto resolve by bot label Feb 4, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot KeyVault az keyvault labels Feb 4, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Feb 4, 2025
Collaborator

yonzhan commented Feb 4, 2025

Thank you for opening this issue, we will look into it.

@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Feb 4, 2025
@yonzhan yonzhan added this to the Backlog milestone Feb 4, 2025
@evelyn-ys
Member

Sorry for the inconvenience. But changing keyOps to key_ops is considered a breaking change for the CLI, and it has been keyOps for a long time. We should be cautious about making such a change.
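
An added example, not part of the thread and not Azure CLI code: a consumer-side conversion of the object printed by `az keyvault key show --query key` into a JWK with RFC 7517 member names, for use before the key is handed to a JOSE library or published. The function name, the choice to drop null members, and the refusal to pass on private or symmetric members are assumptions of this sketch; the sample input is constructed from the output shown in the issue.

```python
import json

# Key operation values defined in RFC 7517, section 4.3.
RFC7517_KEY_OPS = {"sign", "verify", "encrypt", "decrypt",
                   "wrapKey", "unwrapKey", "deriveKey", "deriveBits"}
# Private or symmetric key material; must not appear in a published JWK.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "k"}


def to_rfc7517_public_jwk(cli_key):
    """Convert the CLI's key object (hypothetical helper, not an Azure API).

    Returns (jwk, warnings). Raises ValueError on ambiguous or unsafe input.
    """
    if "keyOps" in cli_key and "key_ops" in cli_key:
        raise ValueError("both keyOps and key_ops present; refusing to guess")
    # The CLI prints unset members as null; a JWK simply omits them.
    jwk = {k: v for k, v in cli_key.items() if v is not None}
    leaked = PRIVATE_MEMBERS.intersection(jwk)
    if leaked:
        raise ValueError(f"private key material present: {sorted(leaked)}")
    if "keyOps" in jwk:
        jwk["key_ops"] = jwk.pop("keyOps")  # the rename the issue asks for
    warnings = []
    ops = jwk.get("key_ops")
    if ops is not None:
        if len(ops) != len(set(ops)):
            raise ValueError("duplicate key_ops values (RFC 7517, 4.3)")
        unknown = sorted(set(ops) - RFC7517_KEY_OPS)
        if unknown:
            warnings.append(f"key_ops values not defined in RFC 7517: {unknown}")
    return jwk, warnings


# Constructed sample shaped like the output in the issue; x and y are placeholders.
SAMPLE = json.loads("""{"crv": "P-256", "d": null, "dp": null, "dq": null,
  "e": null, "k": null, "keyOps": ["sign", "verify"], "kid": "", "kty": "EC",
  "n": null, "p": null, "q": null, "qi": null, "t": null,
  "x": "-----", "y": "-----"}""")

if __name__ == "__main__":
    jwk, notes = to_rfc7517_public_jwk(SAMPLE)
    print(json.dumps(jwk, indent=2, sort_keys=True))
    for note in notes:
        print("warning:", note)
```

A parser that follows RFC 7517 ignores the unknown `keyOps` member, so without the rename the key's operation restriction is silently lost rather than rejected.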
