[Identity] Evaluate expires_on field in AzureCliCredential #5116

Closed
scottaddie opened this issue Nov 3, 2023 · 3 comments · Fixed by #5180
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.

@scottaddie
Member

As of Azure CLI v2.54.0, the az account get-access-token command returns a new expires_on field containing a POSIX timestamp. This behavior is a departure from previous versions, in which the local datetime was returned in an expiresOn field. Update AzureCliCredential to also consider the new expires_on field.

Related links:

@scottaddie scottaddie added Client This issue points to a problem in the data-plane of the library. Azure.Identity labels Nov 3, 2023
@scottaddie scottaddie moved this from Untriaged to Blocked in Azure Identity SDK Improvements Nov 3, 2023
@scottaddie
Member Author

Marking as blocked until the az cli release ships.

@antkmsft
Member

> Marking as blocked until the az cli release ships.

Az CLI v.2.54.0 has shipped, I was able to obtain it via Winget.

@ahsonkhan
Member

From cross-language discussion:

  1. We want to parse and use the new expires_on field if it exists, as is, as a POSIX time (seconds since UTC). In this case, we don't use the existing field at all.
  2. If that field doesn't exist, use the existing expiresOn field as a fallback, parsed as local time.

This way, existing Az CLI versions, which don't have the new field, continue to work, and newer versions have no ambiguity in parsing.

Note: We don't do any validation or semantic comparison within the SDK for the two fields being equal, and parse the string values, as is.

Current implementation in other languages:
Java - https://github.com/Azure/azure-sdk-for-java/blob/7e7e2ed65189a9a3e0ad1b29d4ecdf2e9456ba74/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientBase.java#L646
.NET - https://github.com/Azure/azure-sdk-for-net/blob/b33e3472d0d5b9551554c3ee136b71c630b5173c/sdk/identity/Azure.Identity/src/Credentials/AzureCliCredential.cs#L228-L238
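
The precedence rule from the comment above, sketched in Python as an added example (it is not the SDK's implementation and not code from this issue). The function name, the constructed sample values and the legacy `expiresOn` string format are assumptions.

```python
import json
from datetime import datetime, timezone

# Assumed format of the legacy local-time field,
# e.g. "2023-11-14 22:13:20.000000".
LEGACY_FORMAT = "%Y-%m-%d %H:%M:%S.%f"


def parse_cli_token_expiry(cli_output: str) -> datetime:
    """Return the token expiry as a timezone-aware UTC datetime."""
    payload = json.loads(cli_output)

    # 1. Prefer expires_on: POSIX seconds, so no time-zone guesswork.
    #    expiresOn is ignored entirely in this branch; the two fields
    #    are never compared or cross-validated.
    if "expires_on" in payload:
        seconds = int(payload["expires_on"])
        return datetime.fromtimestamp(seconds, tz=timezone.utc)

    # 2. Fallback for older CLI output: expiresOn is a naive local datetime.
    if "expiresOn" in payload:
        naive_local = datetime.strptime(payload["expiresOn"], LEGACY_FORMAT)
        # astimezone() on a naive value interprets it in the system time
        # zone, which is the "parsed as local time" behaviour.
        return naive_local.astimezone(timezone.utc)

    raise ValueError("CLI output has neither expires_on nor expiresOn")


if __name__ == "__main__":
    # Constructed sample outputs (not captured from a real CLI session).
    epoch = 1700000000
    local_text = datetime.fromtimestamp(epoch).strftime(LEGACY_FORMAT)
    newer = json.dumps({"accessToken": "<redacted>",
                        "expiresOn": local_text,
                        "expires_on": epoch})
    older = json.dumps({"accessToken": "<redacted>",
                        "expiresOn": local_text})
    print("newer CLI:", parse_cli_token_expiry(newer).isoformat())
    print("older CLI:", parse_cli_token_expiry(older).isoformat())
```

The fallback branch depends on the machine's time zone setting, so a token cached across a time zone or DST change can be judged valid or expired incorrectly; the `expires_on` branch has no such dependency.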
