-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Identity] Expose MsaPassthrough as an option #31227
Conversation
API change check APIView has identified API level changes in this PR and created following API reviews. |
|
||
/// <summary> | ||
/// Creates a new instance of <see cref="InteractiveBrowserCredentialBrokerOptions"/> to configure a <see cref="InteractiveBrowserCredential"/>. | ||
/// </summary> | ||
/// <param name="parentWindowHandle">Handle of the parent window the system authentication broker should be docked to.</param> | ||
public InteractiveBrowserCredentialBrokerOptions(IntPtr parentWindowHandle) : base() | ||
/// <param name="msaPassthrough">A legacy option available only to old Microsoft applications. Should be avoided where possible. Support is experimental.</param> | ||
public InteractiveBrowserCredentialBrokerOptions(IntPtr parentWindowHandle, bool msaPassthrough = false) : base() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New default param is a subtle breaking change (a binary breaking change). Prefer to use a new ctor.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for reviewing and good to know that :) Azure.Identity.BrokeredAuthentication
is a beta so I thought we needn't worry too much about breaking change. Anyway, I'll let @schaabs 's team decide the final look of the API.
|
||
/// <summary> | ||
/// Creates a new instance of <see cref="InteractiveBrowserCredentialBrokerOptions"/> to configure a <see cref="InteractiveBrowserCredential"/>. | ||
/// </summary> | ||
/// <param name="parentWindowHandle">Handle of the parent window the system authentication broker should be docked to.</param> | ||
public InteractiveBrowserCredentialBrokerOptions(IntPtr parentWindowHandle) : base() | ||
/// <param name="msaPassthrough">A legacy option available only to old Microsoft applications. Should be avoided where possible. Support is experimental.</param> | ||
public InteractiveBrowserCredentialBrokerOptions(IntPtr parentWindowHandle, bool msaPassthrough = false) : base() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another way of doing this without exposing public API is to turn on this option based on client id and authority. AzurePS client id is configured as MSA-PT. So basically, hardcode some client_ids.
Afaik, it is not possible to configure an app to move away from being MSA-PT. Identity recommends folks to create a new client_id.
...ty/Azure.Identity.BrokeredAuthentication/api/Azure.Identity.BrokeredAuthentication.net462.cs
Outdated
Show resolved
Hide resolved
Hi @isra-fel. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days. |
Hi @isra-fel. Thank you for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days. |
Hi @isra-fel. Thank you for your contribution. Since there hasn't been recent engagement, we're going to close this out. Feel free to respond with a comment containing "/reopen" if you'd like to continue working on these changes. Please be sure to use the command to reopen or remove the "no-recent-activity" label; otherwise, this is likely to be closed again with the next cleanup pass. |
This PR exposes the
WindowsBrokerOptions.MsaPassthrough
option of MSAL to two credential option types ofAzure.Identity.BrokeredAuthentication
libraries as it's essential to supporting MSA account.Contributing to the Azure SDK
Please see our CONTRIBUTING.md if you are not familiar with contributing to this repository or have questions.
For specific information about pull request etiquette and best practices, see this section.