Client secret and certificate credentials use MSAL ConfidentialClientApplication #13215
Conversation
chlowell
added
Client
| @@ -73,7 +73,7 @@ | |||
| install_requires=[ | |||
| "azure-core<2.0.0,>=1.0.0", | |||
| "cryptography>=2.1.4", | |||
| "msal<2.0.0,>=1.3.0", | |||
| "msal<1.5.0,>=1.3.0", | |||
There was a problem hiding this comment.
No. The latest msal is 1.4.3. The purpose of this is to ensure the workaround for msal not accepting encrypted private keys isn't broken by the next minor version, which will accept encrypted keys. That's expected to land before we want to mark 1.5.0 stable, so I'll revert this change before then.
|
|
|
This allows the credentials to expose MSAL features to the Azure CLI without reimplementing them. |
|
For the time being. It would be better to have the same API for async applications--and eventually we will--but reimplementing parts of MSAL is unsustainable (see |
| return token | ||
|
|
||
| def _get_auth_client(self, tenant_id, client_id, **kwargs): | ||
| return AadClient(tenant_id, client_id, **kwargs) |
There was a problem hiding this comment.
We disabled proactive-refreshing?
There was a problem hiding this comment.
The base class inherits GetTokenMixin, which handles refreshing.
[Hub Generated] Review request for Microsoft.DeviceUpdate to add version preview/2020-03-01-preview (Azure#13215) * New Readme Config File * New Go Language Readme Config File * New Azure AZ Readme Config File * New Azure CLI Readme Config File * New Typescript Language Readme Config File * New Python Language Readme Config File * New C# Language Readme Config File * New AzureResourceSchema Readme Config File * New Swagger Spec File * New Swagger Example Spec File * Release of Device Update for IoT Hub control plane specification. * Fixing prettier issues. * Updating control plane swagger * Update deviceupdate.json * Update deviceupdate.json * Update deviceupdate.json * Update deviceupdate.json * add the multiapi section * Update Accounts_Delete.json * Update Instances_Delete.json Co-authored-by: David Pokluda <[email protected]> Co-authored-by: Alexander Batishchev <[email protected]> Co-authored-by: ArcturusZhang <[email protected]>
This implements the synchronous
ClientSecretCredentialandCertificateCredentialatopmsal.ConfidentialClientApplicationto enable them to leverage MSAL features.CertificateCredentialtemporarily relies on an MSAL implementation detail to support password protected certificates. MSAL will formally support passwords before azure-identity 1.5.0 (tracked at AzureAD/microsoft-authentication-library-for-python#232), so that's a temporary workaround.