use the latest auzre/powershell@v3 (#581)

* upgrade nodejs from 20 to 24 and update dependencies

* update installation step of ps

* update az account count check

* upgrade actions/checkout and actions/setup-node from 4 to 6

* remove empty lines

.github/CODEOWNERS

@@ -1 +1 @@
-@kaverma @kanika1894 @BALAGA-GAYATRI @pulkitaggarwl 
+@YanaXu

.github/workflows/azure-login-canary.yml

@@ -30,7 +30,7 @@ jobs:
            az --version
            
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         
       - name: 'Az CLI login with subscription'
         uses: azure/login@v1
@@ -89,4 +89,3 @@ jobs:
           - name: Post to slack
             shell: bash
             run: curl -X POST -H 'Content-type:application/json' --data '{"blocks":[{"type":"section","text":{"type":"mrkdwn","text":"${{steps.slack_report.outputs.report}}"}}]}' https://hooks.slack.com/services/${{SECRETS.SLACK_CHANNEL_SECRET}}
-

.github/workflows/azure-login-integration-tests.yml

@@ -37,7 +37,7 @@ jobs:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
           enable-AzPSSession: true
           
-      - uses: azure/powershell@v1
+      - uses: azure/powershell@v3
         with:
           inlineScript: "(Get-AzContext).Environment.Name"
           azPSVersion: "latest"
@@ -49,7 +49,7 @@ jobs:
           enable-AzPSSession: true
           allow-no-subscriptions: true
         
-      - uses: azure/powershell@v1
+      - uses: azure/powershell@v3
         with:
           inlineScript: "(Get-AzContext).Environment.Name"
           azPSVersion: "latest"
@@ -87,7 +87,7 @@ jobs:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID }} 
           enable-AzPSSession: true
           
-      - uses: azure/powershell@v1
+      - uses: azure/powershell@v3
         with:
           inlineScript: "(Get-AzContext).Environment.Name"
           azPSVersion: "latest"
@@ -100,7 +100,7 @@ jobs:
           enable-AzPSSession: true
           allow-no-subscriptions: true
         
-      - uses: azure/powershell@v1
+      - uses: azure/powershell@v3
         with:
           inlineScript: "(Get-AzContext).Environment.Name"
           azPSVersion: "latest"
@@ -126,4 +126,4 @@ jobs:
 
           - name: Post to slack
             shell: bash
-            run: curl -X POST -H 'Content-type:application/json' --data '{"blocks":[{"type":"section","text":{"type":"mrkdwn","text":"${{steps.slack_report.outputs.report}}"}}]}' https://hooks.slack.com/services/${{SECRETS.SLACK_CHANNEL_SECRET}}
+            run: curl -X POST -H 'Content-type:application/json' --data '{"blocks":[{"type":"section","text":{"type":"mrkdwn","text":"${{steps.slack_report.outputs.report}}"}}]}' https://hooks.slack.com/services/${{SECRETS.SLACK_CHANNEL_SECRET}}

.github/workflows/azure-login-negative.yml

@@ -19,12 +19,12 @@ jobs:
     steps:
 
     - name: 'Checking out repo code'
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
-    - name: Set Node.js 20.x for GitHub Action
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x for GitHub Action
+      uses: actions/setup-node@v6
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     - name: 'Validate build'
       run: |
@@ -58,7 +58,7 @@ jobs:
     - name: Run Azure PowerShell
       id: ps_3
       continue-on-error: true
-      uses: azure/powershell@v1
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -82,12 +82,12 @@ jobs:
 
     steps:
     - name: 'Checking out repo code'
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
-    - name: Set Node.js 20.x for GitHub Action
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x for GitHub Action
+      uses: actions/setup-node@v6
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     - name: 'Validate build'
       run: |
@@ -186,7 +186,7 @@ jobs:
     - name: Run Azure PowerShell
       id: ps_8
       continue-on-error: true
-      uses: azure/powershell@v1
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -216,7 +216,7 @@ jobs:
     - name: Run Azure PowerShell
       id: ps_9
       continue-on-error: true
-      uses: azure/powershell@v1
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -332,4 +332,4 @@ jobs:
       uses: actions/github-script@v7
       with:
           script: |
-            core.setFailed('Last action should fail but not. Please check it.')
+            core.setFailed('Last action should fail but not. Please check it.')

.github/workflows/azure-login-positive.yml

@@ -18,12 +18,12 @@ jobs:
 
     steps:
     - name: 'Checking out repo code'
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
-    - name: Set Node.js 20.x for GitHub Action
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x for GitHub Action
+      uses: actions/setup-node@v6
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     - name: 'Validate build'
       run: |
@@ -47,7 +47,7 @@ jobs:
         az vm list --output none
 
     - name: Run Azure PowerShell
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -69,7 +69,7 @@ jobs:
         az account show --output none
 
     - name: Run Azure PowerShell again
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -92,7 +92,7 @@ jobs:
         az vm list --output none
 
     - name: Run Azure PowerShell
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -110,12 +110,12 @@ jobs:
 
     steps:
     - name: 'Checking out repo code'
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
-    - name: Set Node.js 20.x for GitHub Action
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x for GitHub Action
+      uses: actions/setup-node@v6
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     - name: 'Validate build'
       run: |
@@ -160,7 +160,7 @@ jobs:
         az vm list --output none
  
     - name: Run Azure PowerShell
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -183,7 +183,7 @@ jobs:
         az account show --output none
 
     - name: Run Azure PowerShell again
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -203,13 +203,13 @@ jobs:
     - name: Run Azure Cli
       shell: pwsh
       run: |
-        $checkResult = (az account list --output json | ConvertFrom-Json).Count -eq 3
+        $checkResult = (az account list --output json | ConvertFrom-Json).Count -eq 2
         if(-not $checkResult){
             throw "Not all checks passed!"
         }
 
     - name: Run Azure PowerShell
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -230,7 +230,7 @@ jobs:
         az account show --output none
 
     - name: Run Azure PowerShell
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -245,12 +245,12 @@ jobs:
     environment: Automation test
     steps:
     - name: 'Checking out repo code'
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
-    - name: Set Node.js 20.x for GitHub Action
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x for GitHub Action
+      uses: actions/setup-node@v6
       with:
-        node-version: 20.x
+        node-version: 24.x
       
     - name: Install Azure CLI
       run: |
@@ -265,11 +265,12 @@ jobs:
     - name: Install Powershell
       run: |
         apt-get update
-        apt-get install -y wget
-        wget https://mirror.it.ubc.ca/ubuntu/pool/main/i/icu/libicu72_72.1-3ubuntu3_amd64.deb
-        dpkg -i libicu72_72.1-3ubuntu3_amd64.deb
-        wget https://github.com/PowerShell/PowerShell/releases/download/v7.4.3/powershell_7.4.3-1.deb_amd64.deb
-        dpkg -i powershell_7.4.3-1.deb_amd64.deb
+        apt-get install -y wget apt-transport-https software-properties-common
+        wget -q "https://packages.microsoft.com/config/ubuntu/24.04/packages-microsoft-prod.deb"
+        dpkg -i packages-microsoft-prod.deb
+        rm packages-microsoft-prod.deb
+        apt-get update
+        apt-get install -y powershell
 
     - name: Check Powershell Version
       shell: pwsh
@@ -308,8 +309,8 @@ jobs:
         az group list --output none
 
     - name: Run Azure PowerShell again
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
-          $checkResult = Get-AzResourceGroup
+          $checkResult = Get-AzResourceGroup

.github/workflows/azure-login-pr-check.yml

@@ -10,16 +10,16 @@ jobs:
      runs-on: windows-latest
      steps:
        - name: Checkout from PR branch  
-         uses: actions/checkout@v4
+         uses: actions/checkout@v6
          with: 
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           ref: ${{ github.event.pull_request.head.ref }}
 
-         # Using 20.x version as an example
-       - name: Set Node.js 20.x for GitHub Action
-         uses: actions/setup-node@v4
+         # Using 24.x version as an example
+       - name: Set Node.js 24.x for GitHub Action
+         uses: actions/setup-node@v6
          with:
-           node-version: 20.x
+           node-version: 24.x
 
        - name: installing node_modules
          run: npm install 

.github/workflows/ci.yml

@@ -18,12 +18,12 @@ jobs:
     steps:
 
     - name: 'Checking out repo code'
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
-    - name: Set Node.js 20.x for GitHub Action
-      uses: actions/setup-node@v4
+    - name: Set Node.js 24.x for GitHub Action
+      uses: actions/setup-node@v6
       with:
-        node-version: 20.x
+        node-version: 24.x
 
     - name: 'Validate build'
       run: |

.github/workflows/codeql.yml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v6
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/markdownlint.yml

@@ -7,11 +7,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Use Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
-          node-version: 20.x
+          node-version: 24.x
       - name: Run Markdownlint
         run: |
           npm i -g markdownlint-cli2

README.md

@@ -193,7 +193,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Azure login
-        uses: azure/login@v2
+        uses: azure/login@v3
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -223,7 +223,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Azure login
-        uses: azure/login@v2
+        uses: azure/login@v3
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -238,7 +238,7 @@ jobs:
             az account show
 
       - name: Azure PowerShell script
-        uses: azure/powershell@v2
+        uses: azure/powershell@v3
         with:
           azPSVersion: "latest"
           inlineScript: |
@@ -285,7 +285,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: azure/login@v2
+    - uses: azure/login@v3
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
 
@@ -312,7 +312,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: azure/login@v2
+    - uses: azure/login@v3
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         enable-AzPSSession: true
@@ -325,7 +325,7 @@ jobs:
           az account show
 
     - name: Azure PowerShell script
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -335,7 +335,7 @@ jobs:
 If you want to pass subscription ID, tenant ID, client ID, and client secret as individual parameters instead of bundling them in a single JSON object to address the [security concerns](https://docs.github.com/actions/security-guides/encrypted-secrets), below snippet can help with the same.
 
 ```yaml
-  - uses: azure/login@v2
+  - uses: azure/login@v3
     with:
       creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
 ```
@@ -379,7 +379,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Azure login
-        uses: azure/login@v2
+        uses: azure/login@v3
         with:
           auth-type: IDENTITY
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -396,7 +396,7 @@ jobs:
             az account show
 
       - name: Azure PowerShell script
-        uses: azure/powershell@v2
+        uses: azure/powershell@v3
         with:
           azPSVersion: "latest"
           inlineScript: |
@@ -445,7 +445,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Azure login
-        uses: azure/login@v2
+        uses: azure/login@v3
         with:
           auth-type: IDENTITY
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
@@ -463,7 +463,7 @@ jobs:
             az account show
 
       - name: Azure PowerShell script
-        uses: azure/powershell@v2
+        uses: azure/powershell@v3
         with:
           azPSVersion: "latest"
           inlineScript: |
@@ -485,7 +485,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: azure/login@v2
+    - uses: azure/login@v3
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         environment: 'AzureUSGovernment'
@@ -507,7 +507,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - uses: azure/login@v2
+    - uses: azure/login@v3
       with:
         creds: ${{ secrets.AZURE_CREDENTIALS }}
         environment: 'AzureStack'
@@ -534,7 +534,7 @@ jobs:
     steps:
 
     - name: Azure Login
-      uses: azure/login@v2
+      uses: azure/login@v3
       with:
         client-id: ${{ secrets.AZURE_CLIENT_ID }}
         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -549,7 +549,7 @@ jobs:
           az account show
 
     - name: Run Azure PowerShell
-      uses: azure/powershell@v2
+      uses: azure/powershell@v3
       with:
         azPSVersion: "latest"
         inlineScript: |
@@ -597,7 +597,7 @@ jobs:
 
     # enable cleanup for the 1st Azure Login
     - name: Azure Login
-      uses: azure/login@v2
+      uses: azure/login@v3
       env:
         AZURE_LOGIN_PRE_CLEANUP: true
         AZURE_LOGIN_POST_CLEANUP: true
@@ -611,7 +611,7 @@ jobs:
 
     # disable cleanup for all other Azure Login
     - name: Azure Login 2
-      uses: azure/login@v2
+      uses: azure/login@v3
       env:
         AZURE_LOGIN_PRE_CLEANUP: false
         AZURE_LOGIN_POST_CLEANUP: false
@@ -625,7 +625,7 @@ jobs:
 
     # disable cleanup for all other Azure Login
     - name: Azure Login 3
-      uses: azure/login@v2
+      uses: azure/login@v3
       env:
         AZURE_LOGIN_PRE_CLEANUP: false
         AZURE_LOGIN_POST_CLEANUP: false
@@ -652,7 +652,7 @@ jobs:
     steps:
 
     - name: Azure Login
-      uses: azure/login@v2
+      uses: azure/login@v3
       env:
         AZURE_LOGIN_PRE_CLEANUP: ${{ startsWith(runner.name, 'GitHub Actions') }}
         AZURE_LOGIN_POST_CLEANUP: ${{ startsWith(runner.name, 'GitHub Actions') }}
@@ -679,7 +679,7 @@ Internally in this action, we use azure CLI and execute `az login` with the cred
 
 ### GitHub Action
 
-[GitHub Actions](https://help.github.com/articles/about-github-actions) gives you the flexibility to build an automated software development lifecycle workflow.
+[GitHub Actions](https://docs.github.com/actions) gives you the flexibility to build an automated software development lifecycle workflow.
 
 ### GitHub Actions for deploying to Azure
 
@@ -705,4 +705,4 @@ provided by the bot. You will only need to do this once across all repos using o
 
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
 For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
-contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

__tests__/LoginConfig.test.ts

@@ -245,7 +245,7 @@ describe("LoginConfig Test", () => {
 
         let loginConfig = new LoginConfig();
         await loginConfig.initialize();
-        testValidateWithErrorMessage(loginConfig, "Ensure subscriptionId is supplied.");
+        testValidateWithErrorMessage(loginConfig, "Ensure 'subscription-id' is supplied or 'allow-no-subscriptions' is 'true'.");
     });
 
     test('validate without subscriptionId and allowNoSubscriptionsLogin=true', async () => {

action.yml

@@ -38,7 +38,7 @@ branding:
   icon: 'login.svg'
   color: 'blue'
 runs:
-  using: 'node20'
+  using: 'node24'
   main: 'lib/main/index.js'
   post-if: (!env.AZURE_LOGIN_POST_CLEANUP || env.AZURE_LOGIN_POST_CLEANUP != 'false')
   post: 'lib/cleanup/index.js'

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "login",
-  "version": "2.2.0",
+  "version": "3.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "login",
-      "version": "2.2.0",
+      "version": "3.0.0",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "1.9.1",
@@ -16,7 +16,7 @@
       },
       "devDependencies": {
         "@types/jest": "^29.2.4",
-        "@types/node": "^20.11.1",
+        "@types/node": "^24.0.0",
         "@vercel/ncc": "^0.38.1",
         "jest": "^29.3.1",
         "jest-circus": "^29.3.1",
@@ -77,73 +77,20 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.23.5",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+      "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/highlight": "^7.23.4",
-        "chalk": "^2.4.2"
+        "@babel/helper-validator-identifier": "^7.28.5",
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.1.1"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/code-frame/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/chalk": {
-      "version": "2.4.2",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/color-convert": {
-      "version": "1.9.3",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "color-name": "1.1.3"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/color-name": {
-      "version": "1.1.3",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/@babel/code-frame/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/@babel/code-frame/node_modules/supports-color": {
-      "version": "5.5.0",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/@babel/compat-data": {
       "version": "7.20.5",
       "dev": true,
@@ -321,7 +268,9 @@
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.23.4",
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -329,7 +278,9 @@
       }
     },
     "node_modules/@babel/helper-validator-identifier": {
-      "version": "7.22.20",
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -345,91 +296,28 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.20.6",
+      "version": "7.29.2",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.29.2.tgz",
+      "integrity": "sha512-HoGuUs4sCZNezVEKdVcwqmZN8GoHirLUcLaYVNBK2J0DadGtdcqgr3BCbvH8+XUo4NGjNl3VOtSjEKNzqfFgKw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.18.10",
-        "@babel/traverse": "^7.20.5",
-        "@babel/types": "^7.20.5"
+        "@babel/template": "^7.28.6",
+        "@babel/types": "^7.29.0"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@babel/highlight": {
-      "version": "7.23.4",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@babel/helper-validator-identifier": "^7.22.20",
-        "chalk": "^2.4.2",
-        "js-tokens": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/ansi-styles": {
-      "version": "3.2.1",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "color-convert": "^1.9.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/chalk": {
-      "version": "2.4.2",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-styles": "^3.2.1",
-        "escape-string-regexp": "^1.0.5",
-        "supports-color": "^5.3.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/color-convert": {
-      "version": "1.9.3",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "color-name": "1.1.3"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/color-name": {
-      "version": "1.1.3",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/@babel/highlight/node_modules/escape-string-regexp": {
-      "version": "1.0.5",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=0.8.0"
-      }
-    },
-    "node_modules/@babel/highlight/node_modules/supports-color": {
-      "version": "5.5.0",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "has-flag": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/@babel/parser": {
-      "version": "7.23.9",
+      "version": "7.29.2",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.2.tgz",
+      "integrity": "sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA==",
       "dev": true,
       "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.29.0"
+      },
       "bin": {
         "parser": "bin/babel-parser.js"
       },
@@ -601,13 +489,15 @@
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.23.9",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.28.6.tgz",
+      "integrity": "sha512-YA6Ma2KsCdGb+WC6UpBVFJGXL58MDA6oyONbjyF/+5sBgxY/dwkhLogbMT2GXXyU84/IhRw/2D1Os1B/giz+BQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/code-frame": "^7.23.5",
-        "@babel/parser": "^7.23.9",
-        "@babel/types": "^7.23.9"
+        "@babel/code-frame": "^7.28.6",
+        "@babel/parser": "^7.28.6",
+        "@babel/types": "^7.28.6"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -634,13 +524,14 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.23.9",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+      "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-string-parser": "^7.23.4",
-        "@babel/helper-validator-identifier": "^7.22.20",
-        "to-fast-properties": "^2.0.0"
+        "@babel/helper-string-parser": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -1077,11 +968,13 @@
       }
     },
     "node_modules/@types/node": {
-      "version": "20.11.19",
+      "version": "24.12.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.12.0.tgz",
+      "integrity": "sha512-GYDxsZi3ChgmckRT9HPU0WEhKLP08ev/Yfcq2AstjrDASOYCSXeyjDsHg4v5t4jOj7cyDX3vmprafKlWIG9MXQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~5.26.4"
+        "undici-types": "~7.16.0"
       }
     },
     "node_modules/@types/prettier": {
@@ -1270,7 +1163,9 @@
       "license": "MIT"
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.11",
+      "version": "1.1.12",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
+      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
@@ -1278,11 +1173,13 @@
       }
     },
     "node_modules/braces": {
-      "version": "3.0.2",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "fill-range": "^7.0.1"
+        "fill-range": "^7.1.1"
       },
       "engines": {
         "node": ">=8"
@@ -1466,7 +1363,9 @@
       "license": "MIT"
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1638,7 +1537,9 @@
       }
     },
     "node_modules/fill-range": {
-      "version": "7.0.1",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1664,6 +1565,21 @@
       "version": "1.0.0",
       "license": "ISC"
     },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
     "node_modules/function-bind": {
       "version": "1.1.1",
       "dev": true,
@@ -1746,14 +1662,6 @@
         "node": ">= 0.4.0"
       }
     },
-    "node_modules/has-flag": {
-      "version": "3.0.0",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/html-escaper": {
       "version": "2.0.2",
       "dev": true,
@@ -1839,6 +1747,8 @@
     },
     "node_modules/is-number": {
       "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2476,11 +2386,15 @@
     },
     "node_modules/js-tokens": {
       "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/js-yaml": {
-      "version": "3.14.1",
+      "version": "3.14.2",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+      "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2551,7 +2465,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.21",
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "license": "MIT"
     },
     "node_modules/lodash.memoize": {
@@ -2603,11 +2519,13 @@
       "license": "MIT"
     },
     "node_modules/micromatch": {
-      "version": "4.0.5",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
         "picomatch": "^2.3.1"
       },
       "engines": {
@@ -2623,7 +2541,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.2",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "license": "ISC",
       "dependencies": {
         "brace-expansion": "^1.1.7"
@@ -2799,7 +2719,9 @@
       "license": "MIT"
     },
     "node_modules/picocolors": {
-      "version": "1.0.0",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
       "dev": true,
       "license": "ISC"
     },
@@ -3115,16 +3037,10 @@
       "dev": true,
       "license": "BSD-3-Clause"
     },
-    "node_modules/to-fast-properties": {
-      "version": "2.0.0",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3229,7 +3145,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "5.26.5",
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
+      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
       "dev": true,
       "license": "MIT"
     },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "login",
-  "version": "2.2.0",
+  "version": "3.0.0",
   "description": "Login Azure wraps the az login, allowing for Azure actions to log into Azure",
   "main": "lib/main/index.js",
   "scripts": {
@@ -13,7 +13,7 @@
   "license": "MIT",
   "devDependencies": {
     "@types/jest": "^29.2.4",
-    "@types/node": "^20.11.1",
+    "@types/node": "^24.0.0",
     "@vercel/ncc": "^0.38.1",
     "jest": "^29.3.1",
     "jest-circus": "^29.3.1",

src/Cli/AzureCliLogin.ts

@@ -8,6 +8,7 @@ export class AzureCliLogin {
     loginConfig: LoginConfig;
     azPath: string;
     loginOptions: ExecOptions;
+    azVersion: string;
 
     constructor(loginConfig: LoginConfig) {
         this.loginConfig = loginConfig;
@@ -30,7 +31,12 @@ export class AzureCliLogin {
 
         await this.executeAzCliCommand(["version"], true, execOptions);
         core.debug(`Azure CLI version used:\n${output}`);
-
+        try {
+            this.azVersion = JSON.parse(output)["azure-cli"];
+        }
+        catch (error) {
+            core.warning("Failed to parse Azure CLI version.");
+        }
         await this.registerAzurestackEnvIfNecessary();
 
         await this.executeAzCliCommand(["cloud", "set", "-n", this.loginConfig.environment], false);
@@ -108,7 +114,20 @@ export class AzureCliLogin {
     }
 
     async loginWithUserAssignedIdentity(args: string[]) {
-        args.push("--username", this.loginConfig.servicePrincipalId);
+        let azcliMinorVersion = 0;
+        try {
+            azcliMinorVersion = parseInt(this.azVersion.split('.')[1], 10);
+        }
+        catch (error) {
+            core.warning("Failed to parse the minor version of Azure CLI. Assuming the version is less than 2.69.0");
+        }
+        //From Azure-cli v2.69.0, `--username` is replaced with `--client-id`, `--object-id` or `--resource-id`: https://github.com/Azure/azure-cli/pull/30525
+        if (azcliMinorVersion < 69) {
+            args.push("--username", this.loginConfig.servicePrincipalId);
+        }
+        else {
+            args.push("--client-id", this.loginConfig.servicePrincipalId);
+        }
         await this.callCliLogin(args, 'user-assigned managed identity');
     }
 

src/common/LoginConfig.ts

@@ -79,11 +79,16 @@ export class LoginConfig {
             this.mask(this.federatedToken);
         }
         catch (error) {
-            core.error(`Please make sure to give write permissions to id-token in the workflow.`);
+            core.error("Failed to fetch federated token from GitHub. Please make sure to give write permissions to id-token in the workflow.");
             throw error;
         }
-        let [issuer, subjectClaim] = await jwtParser(this.federatedToken);
-        core.info("Federated token details:\n issuer - " + issuer + "\n subject claim - " + subjectClaim);
+        try {
+            let [issuer, subjectClaim, audience, jobWorkflowRef] = await jwtParser(this.federatedToken);
+            core.info("Federated token details:\n issuer - " + issuer + "\n subject claim - " + subjectClaim + "\n audience - " + audience + "\n job_workflow_ref - " + jobWorkflowRef);
+        }
+        catch (error) {
+            core.warning(`Failed to parse the federated token. Error: ${error}`);
+        }
     }
 
     validate() {
@@ -99,7 +104,7 @@ export class LoginConfig {
             }
         }
         if (!this.subscriptionId && !this.allowNoSubscriptionsLogin) {
-            throw new Error("Ensure subscriptionId is supplied.");
+            throw new Error("Ensure 'subscription-id' is supplied or 'allow-no-subscriptions' is 'true'.");
         }
     }
 
@@ -114,5 +119,20 @@ async function jwtParser(federatedToken: string) {
     let tokenPayload = federatedToken.split('.')[1];
     let bufferObj = Buffer.from(tokenPayload, "base64");
     let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
-    return [decodedPayload['iss'], decodedPayload['sub']];
-}
+    const JWT_CLAIM_ISSUER = 'iss';
+    const JWT_CLAIM_SUBJECT = 'sub';
+    const JWT_CLAIM_AUDIENCE = 'aud';
+    const JWT_CLAIM_JOB_WORKFLOW_REF = 'job_workflow_ref';
+    const requiredClaims = [
+        JWT_CLAIM_ISSUER,
+        JWT_CLAIM_SUBJECT,
+        JWT_CLAIM_AUDIENCE,
+        JWT_CLAIM_JOB_WORKFLOW_REF
+    ];
+    for (const claim of requiredClaims) {
+        if (!decodedPayload[claim]) {
+            throw new Error(`The claim '${claim}' is missing from the token payload`);
+        }
+    }
+    return [decodedPayload[JWT_CLAIM_ISSUER], decodedPayload[JWT_CLAIM_SUBJECT], decodedPayload[JWT_CLAIM_AUDIENCE], decodedPayload[JWT_CLAIM_JOB_WORKFLOW_REF]];   
+}