Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Identity] Add support for Managed Identity regional AAD authentication endpoints #15762

Closed
sadasant opened this issue Jun 16, 2021 · 0 comments · Fixed by #15778
Closed

[Identity] Add support for Managed Identity regional AAD authentication endpoints #15762

sadasant opened this issue Jun 16, 2021 · 0 comments · Fixed by #15778
Assignees
@sadasant
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.
Milestone
[2021] July

Comments

@sadasant
Copy link
Contributor

sadasant commented Jun 16, 2021
edited
Loading

From: #14210

Feature: Add support for Managed Identity regional AAD authentication endpoints #20027

  • The [guidance] from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by [MsalConfidentialClient], namely WithAuthority(Uri, bool) and WithInstanceDicoveryMetadata(string).
  • Today, when using the regional AAD endpoint with Azure.Identity (using a [ClientCertificateCredential]), we see an error Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance. The error goes away when using a global endpoint (https://login.microsoftonline.com/).

.NET’s PR: Azure/azure-sdk-for-net#21590
@sadasant sadasant added Client This issue points to a problem in the data-plane of the library. Azure.Identity labels Jun 16, 2021
@sadasant sadasant added this to the [2021] July milestone Jun 16, 2021
@sadasant sadasant self-assigned this Jun 16, 2021
This was referenced Jun 16, 2021
Merged
Closed
@ghost ghost closed this as completed in #15778 Jun 18, 2021
ghost pushed a commit that referenced this issue Jun 18, 2021
@sadasant
[Identity] Adding regional STS support (#15778)
32c780f 
Added regional STS support to client credential types.
- Added the `RegionalAuthority` type, that allows specifying Azure regions.
- Added `regionalAuthority` property to `ClientSecretCredentialOptions` and `ClientCertificateCredentialOptions`.
- If instead of a region, `autoDiscoverRegion` is specified as the value for `regionalAuthority`, MSAL will be used to attempt to discover the region.
- A region can also be specified through the `AZURE_REGIONAL_AUTHORITY_NAME` environment variable.

Fixes #15762 
Fixes #15714
openapi-sdkautomation bot pushed a commit to AzureSDKAutomation/azure-sdk-for-js that referenced this issue Sep 8, 2021
CodeGen from PR 15762 in Azure/azure-rest-api-specs
8dbb4d6 
Use IncidentSeverity in IncidentInfo (Azure#15762)

Co-authored-by: Anat Gilenson <[email protected]>
@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sadasant sadasant

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.
Projects
None yet
Milestone
[2021] July
Development

Successfully merging a pull request may close this issue.

[Identity] Adding regional STS support sadasant/azure-sdk-for-js
1 participant
@sadasant