pac org list behaviour

[EduardRiera]

I have CLI installed.
pac auth list, show no results
pac org who, says I am not connected.
But pac org list show a list of environments.
Which user is using? To which tenant is connected? How can I clear the pac org list? Where is this data stored/cached in my computer?

When I run "path auth clear" I see a file called tokencache_msalv3.dat gets deleted from my app folder.
Then if I run pac org list, this file is created again.

It seems this file is related to using MSAL library for autentication. Could it be that pac org list is using my local windows account in order to connect to my company tenant and get the the org list from there?

Is the expected behaviour? It has nothing to do with the behaviour of the other PAC CLI commands. They tend to respect the pac org who.

Is the source code of "pac org list" available?

[petrochuk]

If you have no auth profile PAC CLI will try to use your Windows identity using MSAL's: Web Account Manager (WAM)

[EduardRiera]

Can I avoid that? I would like to see only the environments my pac auth list users are able to connect to (usually my client's identity), not my windows identity (my company).
By the way, my windows identity has too many environments listed. All of my VStudio colleagues appears there... Is that expected?
Is a little unexpected to run "pac org who" and see that I am connected to my client's tenant with my client's identity and after that run "pac org list" an see a bunch of unrelated environments belonging to my company.

[petrochuk]

yes, you can. Operating System account only used when you have no auth profiles defined. If you want to use some other identity just create new auth profile by calling "pac auth create --environment YourDefaultEnvironmentName". This will be your default auth profile with default environment every pac cli command will use

[EduardRiera]

But it doesn't work as you said. I have one single pac auth create with my client's identity (that has noting to do with windows account) and still pac org list show the environments related to my windows account.

[tehcrashxor]

It should work as petrochuk described, though there was a now-fixed bug in PAC at the time this was opened that could cause it to misbehave.

As part of our path to replacing the Dataverse and Admin AuthProfile --kinds with the Universal AuthProfile type, commands which used the Dataverse APIs (eg pac org who) would try to grab an active Auth Profile in the order Dataverse -> Universal -> Windows, stopping once it found a valid active auth profile. Likewise, Admin endpoints (eg pac admin list) would search for AuthProfile as Admin -> Universal -> Windows.

The bug I mentioned was that pac org list was using the Admin search pattern instead of the expected Dataverse search pattern, so if you had a Dataverse profile in Contoso, and were logged into Windows with a Fabrikam account, pac org who would find and use the Dataverse profile, but pac org list would find neither an Admin or Universal and use the Windows auth to the other tenant.

That bug has since been fixed, and there's some work going on to make sure we list which Auth Profile is being used for several commands to help reduce the confusion.

[EduardRiera]

Trying to be clear. I am logged in my local workstation as [email protected] (windows user). In contoso.com I have access to several D365 environments.
In "pact auth list" I only see a single connection to a fabrikam.com environment, logged in as [email protected].
When running "pac org who", shows that I am [email protected] logged into a fabrikam environment.
But when I run "pac org list" shows a list of contoso.com environments.

[EduardRiera]

I think for "pac org list" it would be cleaner to have a parameter like -identity with posible values windowsUser (your local windows identity) vs orgUser (whatever "pac org who" returns).