Share Azure CLI's MSAL token cache with Azure Identity #23911

@jiasli

Related command
az login

Is your feature request related to a problem? Please describe.
I'm using AzureCliCredential from Azure Identity as one of multiple authentication methods for a CLI. It is calling az account get-access-token in a subprocess, which is rather slow, even if we cache the returned token in memory. This slowness is annoying when the user is executing commands frequently.

Describe the solution you'd like
Azure CLI uses a dedicated MSAL token cache which is persisted at ~/.azure/msal_token_cache.bin or ~/.azure/msal_token_cache.json, which is not supposed to be read by other programs.

Azure CLI can save its MSAL token cache to %LOCALAPPDATA%\.IdentityService\msal.cache (Windows) or ~/.IdentityService/msal.cache (Linux, macOS) so that SharedTokenCacheCredential can read from it:

https://github.com/Azure/azure-sdk-for-python/blob/47108e9251cd706f48bea359a388b6c8fd161faf/sdk/identity/azure-identity/azure/identity/_persistent_cache.py#L77-L92

The disadvantage is that Azure CLI's MSAL cache can easily be changed or corrupted without Azure CLI's notice. Handling that will be very difficult.

Describe alternatives you've considered
SharedTokenCacheCredential can take ~/.azure/msal_token_cache.bin as input.

Additional context
Related:
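
The in-memory caching around the `az account get-access-token` subprocess that the request describes, as an added example that is not part of the original issue and is not Azure CLI or Azure Identity code. `CachedCliToken`, `run_az`, `parse_token`, the 300-second refresh margin and the sample output are assumptions made for illustration.

```python
import json
import subprocess
import time

REFRESH_MARGIN = 300  # seconds (assumed): refresh this long before expiry

# Constructed sample of the CLI's JSON output, not a real token.
SAMPLE_OUTPUT = '{"accessToken": "constructed", "expiresOn": "2023-01-01 12:00:00.000000"}'


def run_az(resource):
    """Run the Azure CLI once and return its JSON output (the slow step)."""
    return subprocess.run(
        ["az", "account", "get-access-token", "--resource", resource, "--output", "json"],
        check=True, capture_output=True, text=True, timeout=30,
    ).stdout


def parse_token(raw):
    """Return (token, expiry as epoch seconds) from the CLI's JSON output."""
    data = json.loads(raw)
    if "expires_on" in data:  # epoch seconds, emitted by newer CLI versions
        expiry = int(data["expires_on"])
    else:  # older versions: local-time string "YYYY-MM-DD HH:MM:SS.ffffff"
        stamp = data["expiresOn"].split(".")[0]
        expiry = int(time.mktime(time.strptime(stamp, "%Y-%m-%d %H:%M:%S")))
    return data["accessToken"], expiry


class CachedCliToken:
    """Hypothetical helper: per-resource cache held in memory only."""

    def __init__(self, runner=run_az, clock=time.time):
        self._runner = runner  # injectable so the cache can be tested offline
        self._clock = clock
        self._cache = {}       # resource -> (token, expiry)

    def get(self, resource):
        hit = self._cache.get(resource)
        if hit and hit[1] - self._clock() > REFRESH_MARGIN:
            return hit[0]      # still valid: no subprocess is started
        token, expiry = parse_token(self._runner(resource))
        self._cache[resource] = (token, expiry)
        return token
```

The first call for each resource in each new process still pays the full subprocess cost, which is the slowness the request is about.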
