Allow client_id/client_secret authentication for Azure Key Vault and Trusted Signing

[spfeiffer-iem]

Azuresigntool allows authentication by access token or by client_id/client_secret. jsign only supports access token. This was briefly discussed as "nice improvement" in #287

Obtaining an access token requires a web browser login (with 2FA in our case), while client_id/client_secret does not. For automated signing in CI pipelines using the latter would be much easier.

It would be very nice to have that functionality directly supported by jsign.

Thank you very much!

[ebourg]

There is no way to get an access token from client_id/client_secret using the Azure CLI?

[ebourg]

Something like this maybe? (suggested by ChatGPT, I'm not an Azure expert)

az login --service-principal -u "YOUR_CLIENT_ID" -p "YOUR_CLIENT_SECRET" --tenant "YOUR_TENANT_ID"
az account get-access-token --resource https://vault.azure.net

[spfeiffer-iem]

I was not aware only using the az CLI client is a prerequisite:
#287 (comment) describes a workaround, isn't this viable for inclusion in jsign?

[spfeiffer-iem]

@ebourg But you are right, "az login" seems to support this case, so we can generate that token using the service principal without browser interaction. So this feature is not needed in jsign, i think. Sorry for opening that issue. If this works i will offer a documentation PR that describes that.