Enhancement Request: `azurerm` backend OIDC (Workload Identity federation) authentication support for token refresh

[jaredfholgate]

Terraform Version

latest

Use Cases

As a Terraform user with remote state in Azure Blob Storage, I want to use OIDC (Workload identity federation) authentication with Azure DevOps and not have to worry about id token expiration.

Attempted Solutions

There are no good work arounds for this.

Proposal

Use the new azurepiplinescredential classes to automatically refresh the id token: https://devblogs.microsoft.com/azure-sdk/improve-security-posture-in-azure-service-connections-with-azurepipelinescredential/

References

• Enhancement Request: azurerm backend authentication upgrade to match provider #34322 (related)

[crw]

Thanks for this feature request! If you are viewing this issue and would like to indicate your interest, please use the 👍 reaction on the issue description to upvote this issue. We also welcome additional use case descriptions. Thanks again!

[Nilsas]

Hi @crw is there a timeline on this? MS is pushing towards workload identities, would be great if this is supported.

[jaredfholgate]

This PR will help to get there: #36258

Also see the comment on this Issue. We have been discussing this internally. The plan is to support all Microsoft Azure providers and the azurerm backend: #34322 (comment)

Timescale is still unknown, but progress is being made.

CC: @magodo

[magodo]

@jaredfholgate Update

• AzureRM PR: dependencies: update go-azure-sdk to v0.20250131.1134653 terraform-provider-azurerm#28674 (comment)
• AzureAD PR: dependencies: update go-azure-sdk to v0.20250131.1134653 terraform-provider-azuread#1635
• Azure Backend RP: Backend/azure: Update go-azure-sdk version to v0.20250131.1134653 #36458

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.