Add support for signing in using multiple accounts. MSAL supports this capability natively so we can build on top of it.
m365 connection list specs
Show the list of available connections
Usage
m365 connection list [options]
Options
No options
Examples
Returns a list of available connections:
m365 connection use specs
When signed in with multiple identities, switch to another connection
Usage
m365 connection use [options]
Options
| Option | Description |
|---|---|
| `-n, --name <name>` | The name of the connection to switch to. Can be found by running `m365 connection list`. |
Remarks
- The Id used here is the `localAccountId` as MSAL returns it. That way we can find the account to log out from. My proposition is to add that `localAccountId` as an extra property `identityId` on the m365 status output. This id should also be saved in our cache, so we know what MSAL account to switch to and log out from.
- The `name` property is the value as visible in the `name` property when running `m365 connection list`. By default it is a combination of principal object Id and tenant Id. But it can be configured using `m365 connection set`.
- Failures: When the command fails, the user should be put into an identity-less state, otherwise side effects might occur in scripts where people expected an identity to be selected, while in fact the previously selected identity is used.

Note: We currently have two caches: 1) the MSAL token cache, which is saved to a file .cli-m365-msal.json, and 2) our own cache, which saves the auth.service object and is saved to .cli-m365-tokens.json. Because we are now able to log into multiple accounts, we should save the `localAccountId` as a link between both caches. If we do it like this, the caching can just remain the same. The list of connections can be saved to a separate JSON file.
Examples
Switch to another connection by a default connection name:
m365 connection use --name '0bb7cb89-7fae-4775-a01a-c372cc167371_64e87598-07a8-4fa8-a926-862410eeec84'
Switch to another connection by a custom connection name:
m365 connection use --name 'my connection'
m365 connection set specs
When signed in with multiple identities, update a specified connection
Usage
m365 connection set [options]
Options
| Option | Description |
|---|---|
| `-n, --name <name>` | The name of the connection to update. Can be found by running `m365 connection list`. |
| `--newName <newName>` | The new name of the connection. |
Examples
Update a connection with a new name:
m365 connection set --name '0bb7cb89-7fae-4775-a01a-c372cc167371_64e87598-07a8-4fa8-a926-862410eeec84' --newName 'my connection'
m365 connection remove specs
When signed in with multiple identities, remove a connection
Usage
m365 connection remove [options]
Options
| Option | Description |
|---|---|
| `-n, --name <name>` | The name of the connection to remove. Can be found by running `m365 connection list`. |
Examples
Remove a connection by a default connection name:
m365 connection remove --name '0bb7cb89-7fae-4775-a01a-c372cc167371_64e87598-07a8-4fa8-a926-862410eeec84'
Remove a connection by a custom connection name:
m365 connection remove --name 'my connection'
Discussed in #3453
Originally posted by oweiler June 29, 2022
In my quest to get rid of all basic auth usage inside my Microsoft 365 tenant, I happened upon this project as a potential solution. Most of my basic auth usage revolves around sending and receiving emails in Exchange, which this project provides. I'm now looking to extend this functionality to multiple Azure AD identities/Exchange mailboxes but use them all within a single Linux login. Using basic auth, this was relatively simple: keep protected files with usernames/passwords as resources to curl to get and send mail from/to that mailbox.
With cli-microsoft365, reading about persistent connections, I'm not sure it's that simple? One way I could see doing what I need is to keep a version of .cli-m365-msal.json and .cli-m365-tokens.json for each mailbox/M365 identity I want to manipulate but this has the obvious drawback that I can only perform operations on a single identity at a time.
I looked into the options provided by the m365 login command but they all seem to end up in a place where the .cli-m365-msal.json and .cli-m365-tokens.json point to a single Azure AD identity.
What's the right way to handle multiple Azure AD identities from a single login/user on a Linux system?
Add support for signing in using multiple accounts. MSAL supports this capability natively so we can build on top of it.
- `login` command so that it doesn't log out previously signed in user. Also, after signing in, it adds the identity to the list of available connections (if it wasn't already present in the list) and sets this connection as active
- `login` command to set the connection name when logging in: `--connectionName`
- `logout` command will sign out of all connections
- `connection list` command to show a list of all signed in users (`m365 status` will keep returning the currently active identity)
- `connection use` command to select which identity to use: `m365 connection use --identity <identity>`, where `identity` is a human-readable identifier of the signed in identities to choose from. The selected identity gets set as active and will be used by CLI when running commands. If user selects an invalid identity, we keep the previously selected identity as active.
- `connection set` command to update the connection name
- `connection remove` command to remove/sign out from a connection by name. If you remove the active connection account, leave the CLI in identity-less state. CLI will prompt you to login or select a connection (if available)
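
The following JavaScript is an added example, not part of the original issue or of the CLI for Microsoft 365 code base. It models the connection list from the specs above, with `use` following the Failures remark (a failed switch leaves no active identity) and `identityId` holding the MSAL `localAccountId` that links the two caches; `ConnectionStore`, its method names and the unique-name check in `set` are assumptions.

```javascript
// Added illustration: hypothetical in-memory model of the proposed connection list.
// ConnectionStore and its method names are assumptions, not CLI for Microsoft 365 code.
class ConnectionStore {
  constructor() {
    this.connections = []; // { name, identityId } where identityId = MSAL localAccountId
    this.active = null;    // null means identity-less: commands must refuse to run
  }

  // Called after a successful login; earlier connections stay signed in.
  add(objectId, tenantId, localAccountId, connectionName) {
    let conn = this.connections.find(c => c.identityId === localAccountId);
    if (!conn) {
      // Default name: principal object Id combined with tenant Id.
      conn = { name: connectionName || `${objectId}_${tenantId}`, identityId: localAccountId };
      this.connections.push(conn);
    }
    this.active = conn;
    return conn;
  }

  use(name) {
    const conn = this.connections.find(c => c.name === name);
    // Fail closed: clear the active identity before reporting the error, so a
    // script that ignores the error cannot keep running as the previous identity.
    this.active = conn || null;
    if (!conn) throw new Error(`Connection '${name}' not found`);
    return conn.identityId; // key for finding the account in the MSAL token cache
  }

  set(name, newName) {
    const conn = this.connections.find(c => c.name === name);
    if (!conn) throw new Error(`Connection '${name}' not found`);
    // Assumption: names must stay unique, otherwise `use --name` is ambiguous.
    if (this.connections.some(c => c !== conn && c.name === newName)) {
      throw new Error(`Connection name '${newName}' is already in use`);
    }
    conn.name = newName;
  }

  remove(name) {
    const conn = this.connections.find(c => c.name === name);
    if (!conn) throw new Error(`Connection '${name}' not found`);
    this.connections = this.connections.filter(c => c !== conn);
    if (this.active === conn) this.active = null; // removing the active one leaves no identity
    return conn.identityId; // account to sign out of in MSAL
  }
}
```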