
[FEATURE REQ] Expose claims on Confidential Client flows (user and service principal) #40451

Closed · bgavrilMS opened this issue Nov 30, 2023 · 1 comment · Fixed by #40626
Labels: Azure.Identity, Client, customer-reported, needs-team-attention, question

Comments


bgavrilMS commented Nov 30, 2023

Library name

Azure Identity

Please describe the feature.

Claims are a key part of AAD. Claims can come from both the STS and from the Resource. A few scenarios where claims are important:

  1. For the new token revocation for service principal scenario, which is effectively implemented via CAE. You will get claims from the resource.
  2. In the web site and web API scenario, when going across tenants. For example:
  • user gets a token for tenant A and a refresh token.
  • user now silently tries to get a token for tenant B. Normally this works, but the tenant B admin has configured MFA
  • ESTS responds with an error code indicating that UI is required and with some claims
  • the app should extract the Claims from the MsalUiRequiredException and request a token interactively again (doesn't matter what tenant)
  3. In the "Authentication Context" scenario, which I will not go into at length here, but please see this sample (sorry, this is a Java sample because the .NET one is overly complex) - https://github.com/Azure-Samples/ms-identity-msal-java-samples/tree/main/3-java-servlet-web-app/1-Authentication/sign-in-auth-context
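The two places the issue says claims come from are a 401 claims challenge from the resource (the CAE revocation case) and a `claims` field in the ESTS error returned to a silent token request (the cross-tenant MFA and authentication-context cases). The Python below is an added example of handling both at the protocol level; it is not code from this issue or from Azure.Identity. The 401 header and the error body are constructed to the documented shapes (base64-encoded JSON in the `claims` challenge parameter; a JSON string in the error body's `claims` field), and `acquire_token` / `call_resource` are hypothetical callbacks standing in for the credential and the HTTP call. The decoded claims JSON is what the app has to pass back on the next token request, which is the value this issue asks the library to expose.

```python
import base64
import json
import re
from typing import Callable, Dict, Optional, Tuple

# --- Constructed samples (shaped after the documented formats, not captured) ---
# 1) CAE: a resource rejects a revoked/too-old token with 401 and a Bearer
#    challenge whose "claims" parameter is base64-encoded JSON.
DECODED_CLAIMS = {"access_token": {"nbf": {"essential": True, "value": "1604106651"}}}
SAMPLE_401_HEADER = (
    'Bearer realm="", '
    'authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", '
    'error="insufficient_claims", '
    'claims="' + base64.b64encode(json.dumps(DECODED_CLAIMS).encode()).decode() + '"'
)
# 2) Cross-tenant MFA / authentication context: ESTS answers the silent token
#    request with an error body whose "claims" field is a JSON *string*
#    (the value MSAL surfaces as MsalUiRequiredException.Claims).
STS_CLAIMS = {"access_token": {"acrs": {"essential": True, "value": "c1"}}}
SAMPLE_STS_ERROR_BODY = json.dumps({
    "error": "interaction_required",
    "error_description": "constructed: tenant policy requires interaction",
    "claims": json.dumps(STS_CLAIMS),
})

_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def _normalize(claims_obj) -> Optional[str]:
    """Only forward a well-formed claims request (a JSON object), re-serialized compactly."""
    if not isinstance(claims_obj, dict):
        return None
    return json.dumps(claims_obj, separators=(",", ":"))


def parse_claims_challenge(www_authenticate: str) -> Optional[str]:
    """Return the claims JSON to send with the next token request if the
    WWW-Authenticate value is a claims challenge, else None."""
    if not www_authenticate.strip().lower().startswith("bearer"):
        return None
    params = dict(_PARAM_RE.findall(www_authenticate))
    if params.get("error") != "insufficient_claims" or "claims" not in params:
        return None
    raw = params["claims"].replace("-", "+").replace("_", "/")  # accept URL-safe alphabet
    raw += "=" * (-len(raw) % 4)                                # padding is not guaranteed
    try:
        return _normalize(json.loads(base64.b64decode(raw)))
    except ValueError:  # bad base64 (binascii.Error) or bad JSON (JSONDecodeError)
        return None


def claims_from_sts_error(body: str) -> Optional[str]:
    """Extract the claims request from a token-endpoint error body, if present."""
    try:
        claims_str = json.loads(body).get("claims")
        return _normalize(json.loads(claims_str)) if claims_str else None
    except (ValueError, AttributeError):  # not JSON / not an object / bad claims string
        return None


def call_with_claims_retry(
    acquire_token: Callable[[Optional[str]], str],
    call_resource: Callable[[str], Tuple[int, Dict[str, str]]],
    max_retries: int = 1,
) -> Tuple[int, str]:
    """Call the resource; on a 401 that carries a claims challenge, re-acquire the
    token with those claims and retry. The retry is capped so a resource that
    keeps challenging cannot drive an unbounded token-request loop."""
    claims: Optional[str] = None
    for _ in range(max(max_retries, 0) + 1):
        token = acquire_token(claims)
        status, headers = call_resource(token)
        if status != 401:
            return status, token
        claims = parse_claims_challenge(headers.get("WWW-Authenticate", ""))
        if claims is None:  # ordinary 401, not a claims challenge: do not loop
            return status, token
    return status, token


def demo_flow() -> Tuple[Tuple[int, str], Tuple[int, str]]:
    """Drive the retry loop against two fake resources: one that challenges until
    it sees a claims-bearing token, and one that only returns a plain 401."""
    def acquire(claims: Optional[str]) -> str:  # hypothetical credential
        return "tok-with-claims" if claims else "tok-plain"

    def cae_resource(token: str) -> Tuple[int, Dict[str, str]]:
        if token == "tok-with-claims":
            return 200, {}
        return 401, {"WWW-Authenticate": SAMPLE_401_HEADER}

    def plain_401_resource(token: str) -> Tuple[int, Dict[str, str]]:
        return 401, {"WWW-Authenticate": 'Bearer realm="", error="invalid_token"'}

    return (call_with_claims_retry(acquire, cae_resource),
            call_with_claims_retry(acquire, plain_401_resource))


if __name__ == "__main__":
    print(parse_claims_challenge(SAMPLE_401_HEADER))
    print(claims_from_sts_error(SAMPLE_STS_ERROR_BODY))
    print(demo_flow())
```

Two checks matter for the security of this loop: the `claims` value is only forwarded after it has been decoded and validated as a JSON object, so a malformed challenge cannot be pushed into the authorize request, and the number of challenge-driven re-acquisitions is bounded.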

jsquire commented Nov 30, 2023

Thank you for your feedback. Tagging and routing to the team member best able to assist.
