You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feature: Add support for Managed Identity regional AAD authentication endpoints #20027
The [guidance] from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by [MsalConfidentialClient], namely WithAuthority(Uri, bool) and WithInstanceDicoveryMetadata(string).
Today, when using the regional AAD endpoint with Azure.Identity (using a [ClientCertificateCredential]), we see an error Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance. The error goes away when using a global endpoint (https://login.microsoftonline.com/).
Added regional STS support to client credential types.
- Added the `RegionalAuthority` type, that allows specifying Azure regions.
- Added `regionalAuthority` property to `ClientSecretCredentialOptions` and `ClientCertificateCredentialOptions`.
- If instead of a region, `autoDiscoverRegion` is specified as the value for `regionalAuthority`, MSAL will be used to attempt to discover the region.
- A region can also be specified through the `AZURE_REGIONAL_AUTHORITY_NAME` environment variable.
Fixes#15762Fixes#15714
From: #14210
Feature: Add support for Managed Identity regional AAD authentication endpoints #20027
https://eastus2euap.login.microsoft.com
). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by [MsalConfidentialClient], namelyWithAuthority(Uri, bool)
andWithInstanceDicoveryMetadata(string)
.Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance.
The error goes away when using a global endpoint (https://login.microsoftonline.com/
)..NET’s PR: Azure/azure-sdk-for-net#21590
The text was updated successfully, but these errors were encountered: