Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should the authority host be read from the environment variable AZURE_AUTHORITY_HOST if the user doesn't pass it in the options? #4875

Closed
ahsonkhan opened this issue Aug 12, 2023 · 1 comment · Fixed by #4980
Closed

Should the authority host be read from the environment variable AZURE_AUTHORITY_HOST if the user doesn't pass it in the options? #4875

ahsonkhan opened this issue Aug 12, 2023 · 1 comment · Fixed by #4980
Assignees
@ahsonkhan
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. design-discussion An area of design currently under discussion and open to team and community feedback.
Milestone
2023-10

Comments

@ahsonkhan
Copy link
Member

We currently default the authority host within the options which are used in the various credentials we have, and don't read it from the environment variable on behalf of the user.

azure-sdk-for-cpp/sdk/identity/azure-identity/inc/azure/identity/client_certificate_credential.hpp

Lines 43 to 53 in 69e5f1a

struct ClientCertificateCredentialOptions final : public Core::Credentials::TokenCredentialOptions
{
/**
* @brief Authentication authority URL.
* @note Default value is Azure AD global authority (https://login.microsoftonline.com/).
*
* @note Example of an authority host string: "https://login.microsoftonline.us/". See national
* clouds' Azure AD authentication endpoints:
* https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud.
*/
std::string AuthorityHost = _detail::ClientCredentialCore::AadGlobalAuthority;

This is different from behaviors in other languages, like Go and .NET.
https://github.com/Azure/azure-sdk-for-net/blob/d90042d570a6531d7f7ed97e82ddfe95c730158b/sdk/identity/Azure.Identity/src/Credentials/TokenCredentialOptions.cs#L25-L32
https://github.com/Azure/azure-sdk-for-go/blob/514985a4c9d311c90b86c74c6ff779abcec1ffcd/sdk/azidentity/azidentity.go#L107-L111

Should we match the precedence and consider reading the environment variable on behalf of the user, if they don't provide an option and ? If so, we'd want to design a solution that's non-breaking, because we can't use "is the option not set" as a sentinel to read the environment variable.

cc @antkmsft, @LarryOsterman
@ahsonkhan ahsonkhan added design-discussion An area of design currently under discussion and open to team and community feedback. Azure.Identity labels Aug 12, 2023
@RickWinter RickWinter added the Client This issue points to a problem in the data-plane of the library. label Aug 16, 2023
@joshfree
Copy link
Member

Related

@joshfree joshfree added this to the Backlog milestone Aug 28, 2023
@ahsonkhan ahsonkhan modified the milestones: Backlog, 2023-10 Sep 14, 2023
@ahsonkhan ahsonkhan self-assigned this Sep 14, 2023
@ahsonkhan ahsonkhan mentioned this issue Sep 21, 2023
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Jan 3, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@ahsonkhan ahsonkhan

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. design-discussion An area of design currently under discussion and open to team and community feedback.
Projects
Azure Identity SDK Improvements
Archived in project
Milestone
2023-10
3 participants
@joshfree @RickWinter @ahsonkhan