[Identity] Using service-bus for manual test with MSAL 2.0 #13308
Once finished and cleaned up, fixes #13307
Looks okay to me, but can you also get one of the service bus folks to look at it?
@jonathandturner I'll get @HarshaNalluru 🌞
Co-authored-by: Harsha Nalluru <[email protected]>
@@ -2,7 +2,7 @@ | |||
|
|||
This package contains some simple manual verification for the use of Azure | |||
Identity with other Azure SDK libraries in the browser. For now, it just tests | |||
that the `InteractiveBrowserCredential` works with the `@azure/keyvault-keys` | |||
that the `InteractiveBrowserCredential` works with the `@azure/service-bus` |
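Review bot: the sentence that now names `@azure/service-bus` gives no reason for dropping `@azure/keyvault-keys`. Since this README describes testing in the browser, add a line saying that Key Vault does not allow CORS, so nobody switches the sample back later.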
Ran into this..
Access to fetch at 'https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Why don't I run into the same error when I'm bundling and serving with "parcel"?
So, running with a new AAD application worked fine.
Might be that the older AAD apps are not supported the same way?
They should work too 👍 the app that I have (the one you saw me run this through) is an older one. Can you try again?
It failed again, it is not a blocker of this PR. Based on our discussion offline, we don't know what's causing it.
Let's investigate further once the MSAL people get back to you on the issue.
Co-authored-by: Harsha Nalluru <[email protected]>
- Creating a Key Vault (if you haven't created one). | ||
- Either in the "Access policies" section of the creation form, or by going to your Key Vault's "Access policies" page, click con `+ Add Access Policy`, select all permissions, then select your AAD application as the "principal", then click "Add", then click "Save" if applicable. | ||
- Creating a Service Bus namespace (if you haven't created one). | ||
- Either in the "Access policies" section of the creation form, or by going to the Service Bus namespace's "Access policies" page, click con `+ Add Access Policy`, select all permissions, then select your AAD application as the "Service Bus Data Owner", then click "Add", then click "Save" if applicable. |
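Review bot: the added Service Bus sub-step repeats the Key Vault wording, including the "click con" typo and the "select all permissions" instruction, and it selects the AAD application as the "Service Bus Data Owner" where the Key Vault line selects it as the "principal", which mixes up a role with a principal. Reword it as assigning a role to the application, change "click con" to "click on" on both lines, and list only the permissions the manual test uses instead of all of them.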
Just checked.. you can't add access policies during creation.. you need to go to the namespace and do it.
Thank you Harsha!
- Either in the "Access policies" section of the creation form, or by going to the Service Bus namespace's "Access policies" page, click con `+ Add Access Policy`, select all permissions, then select your AAD application as the "Service Bus Data Owner", then click "Add", then click "Save" if applicable. | |
- Go to the Service Bus namespace's "Access control (IAM)" tab, click on `+ Add` > `Add role assignment`, Pick "Service Bus Data Owner" role, and select your AAD application to assign the role, then click "Save". |
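Review bot: "Service Bus Data Owner" in the replacement line is a broad role to hand to a test application. Name the narrowest role the manual test needs, or state in the step that Data Owner is required and why. Also lower-case "Pick" so it matches the other steps in the same sentence.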
Updates the Identity InteractiveBrowserCredential to work with MSAL 1 and 2, meaning with the Implicit Grant flow and the Auth Code Flow. Also moved it from using Key Vault to use Service Bus, since Key Vault doesn't allow CORS.
Relies on this update: #13263
Fixes #13307