According to https://github.com/terraform-providers/terraform-provider-azurerm/issues/3814 the azurerm terraform provider does not have enough information from the access token created by az login --service-principal.
I wonder, why is that? Because according to what I can see the accessTokens.json file contains the actual service principal password in clear text (it is named accessToken, but in my experiments it was always the actual password) as well as the service principal appId (servicePrincipalId) and the service principal tenant (servicePrincipalTenant).
This should be enough to login to azure. So, what is the problem?