Add support for tenant Id Challenges / tenant discovery in ClientCredentials #15797

Closed
joshfree opened this issue Jun 17, 2021 · 1 comment · Fixed by #15837
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved.

@joshfree
Member

Currently, for services that return challenges which include context about the tenant that can service a failed service request, such as authorization_url, Azure.Identity does not utilize this information to request a new token with the correct tenantId.

This is a proposal to enhance Azure.Identity to make it possible for service clients to interpret challenges to request tokens for the correct tenant Id, where possible.

The proposal details can be found in this gist

Related: Azure/azure-sdk-for-net#20302

@sadasant
Contributor

What to do:

  • Add tenantId to the GetTokenOptions (btw, follow what happened to claims. I remember that the architects had some issues with it, but I don’t remember how this ended up).
  • Add tenantId and allowMultiTenantAuthentication to all of the credential options.
  • allowMultiTenantAuthentication should default to false.
  • If a different tenantId is received on getToken than the one configured, we should throw unless allowMultiTenantAuthentication is specified.
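
The tenant check described in the comment above, sketched as an added TypeScript example; it is not part of the thread or of the SDK's own code. `resolveTenantId`, `TenantPolicyError`, the two option interfaces and the tenant ID character check are assumptions of this example, and the tenant IDs are constructed.

```typescript
// Added example with hypothetical names; not the @azure/identity implementation.
type PolicyFailure = "invalid-tenant-id" | "tenant-mismatch";

class TenantPolicyError extends Error {
  reason: PolicyFailure;
  constructor(reason: PolicyFailure, message: string) {
    super(message);
    this.name = "TenantPolicyError";
    this.reason = reason;
  }
}

interface CredentialTenantOptions {
  tenantId: string; // tenant the credential was configured for
  allowMultiTenantAuthentication?: boolean; // defaults to false, per the thread
}

interface TokenRequestOptions {
  tenantId?: string; // per-request tenant, e.g. parsed from a service challenge
}

// Assumption of this example: tenant IDs are GUIDs or domain names, so anything
// outside [0-9A-Za-z.-] is rejected before it can be placed in an authority URL.
const TENANT_ID_PATTERN = /^[0-9A-Za-z][0-9A-Za-z.-]*$/;

function resolveTenantId(
  credential: CredentialTenantOptions,
  request: TokenRequestOptions = {}
): string {
  const requested = request.tenantId;
  // No per-request tenant: always use the configured one.
  if (requested === undefined) return credential.tenantId;
  if (!TENANT_ID_PATTERN.test(requested)) {
    throw new TenantPolicyError("invalid-tenant-id", "Malformed tenantId in getToken options");
  }
  if (requested.toLowerCase() === credential.tenantId.toLowerCase()) {
    return credential.tenantId;
  }
  // A different tenant was requested: fail closed unless the caller opted in.
  if (credential.allowMultiTenantAuthentication !== true) {
    const msg = `getToken requested tenant ${requested}, but the credential is configured ` +
      `for ${credential.tenantId} and allowMultiTenantAuthentication is not enabled`;
    throw new TenantPolicyError("tenant-mismatch", msg);
  }
  return requested;
}

// Constructed sample tenant IDs, not real tenants.
const HOME_TENANT = "aaaaaaaa-1111-1111-1111-111111111111";
const CHALLENGE_TENANT = "bbbbbbbb-2222-2222-2222-222222222222";
```

Because the per-request tenant can originate from a service challenge, the default path refuses it rather than silently sending the credential's secret to another tenant's authority.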

@ghost ghost closed this as completed in #15837 Jun 30, 2021
ghost pushed a commit that referenced this issue Jun 30, 2021
…entCredentials (#15837)

This PR adds `tenantId` to the `getTokenOptions`, and adds options on every Identity credential to allow multi-tenant authentication (which will be disabled by default).

Fixes #15797
@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
This issue was closed.