[Identity] Reverting ClientSecretCredential and UsernamePasswordCredential to v1 only for browsers, and fixing Karma browser bundles #14910
Conversation
sadasant
requested review from
KarishmaGhiya,
HarshaNalluru,
ramya-rao-a and
witemple-msft
ghost
added
the
sadasant
changed the title
sadasant
changed the title
There was a problem hiding this comment.
Thanks for the detailed PR description @sadasant
This makes sense to me
Reviewed that the file added for ClientSecretCredential for browser has the exact same code as what we had for this credential in v1
|
There are a couple other node-related things present in the browser bundle, we are working on removing them. |
ramya-rao-a
dismissed
their stale review
Dismissing review as the scope of the PR has changed
sadasant
changed the title
| if (isNode) { | ||
| assert.equal(error.name, "CredentialUnavailableError"); | ||
| } else { | ||
| assert.equal(error.name, "AuthenticationError"); |
There was a problem hiding this comment.
This is the same behavior in v1 also right?
There was a problem hiding this comment.
i.e. the fact that error that user would get is different in node vs browser for the same test case?
There was a problem hiding this comment.
There was a problem hiding this comment.
The link suggests that previously we had AuthenticationError thrown for node as well. The reason for difference in node?
There was a problem hiding this comment.
This test uses ClientSecretCredential, which now has two different implementations. In this case the Node one is correct (on Node) because the provided tenant is not a valid tenant, so this credential can't be used. MSAL does validations like this that we don't do in v1.
sdk/identity/identity/CHANGELOG.md
Outdated
| @@ -2,6 +2,7 @@ | |||
|
|
|||
| ## 2.0.0-beta.3 (Unreleased) | |||
|
|
|||
| - Breaking change: Disabled `UsernamePasswordCredential` in browser bundles. This credential was never supported in browsers, but now that it uses MSAL, having it in browsers would break the browser bundles. | |||
There was a problem hiding this comment.
What was the exact behavior in v1 when someone used UsernamePasswordCredential in the browser?
There was a problem hiding this comment.
It would work if CORS was disabled too: https://github.com/Azure/azure-sdk-for-js/blob/hotfix/identity_1.3.0/sdk/identity/identity/src/credentials/usernamePasswordCredential.ts should I bring this credential back as well? (only for the browser, of course)
There was a problem hiding this comment.
If we are making ClientSecretCredential behavior in browser to be the same as in v1, shouldnt the same be applied to other credentials (other than of course InteractiveBrowserCredential)?
There was a problem hiding this comment.
We can touch the other credentials in a different PR, but since UsernamePasswordCredential is anyway being touched here, we should consider making the browser experience to be same as v1
There was a problem hiding this comment.
I can add UsernamePasswordCredential too. I feel like we should drop the ones we're not using to test stuff, but adding it would align us a little better with v1, so... I'll add it back.
There was a problem hiding this comment.
Pushed the v1 version of UsernamePasswordCredential on browsers 👍
sadasant
changed the title
|
Hello @sadasant! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
ghost
merged commit 
…ntial to v1 only for browsers, and fixing Karma browser bundles (Azure#14910) This PR makes it so `ClientSecretCredential` behaves like how it did on v1 only for browsers. It also ensures browser bundles can be used when built with Karma. --- ## ClientSecretCredential (and also UsernamePasswordCredential) Since the inception of Identity, we've been relying on `ClientSecretCredential` to be available in browsers to make it easier for us to automate bowser tests. Whether `ClientSecretCredential` should continue being available on browsers in the future, is something yet to be decided. We started a conversation on the matter here: Azure#14879 Our current plan is to switch master back to v1, as you can see here: Azure#14909 Since the v2 changes to `ClientSecretCredential` won't be reverted, that means that as soon as we move master back to v1, all of our current clients will immediately start working with the latest `ClientSecretCredential`. `ClientSecretCredential` was rewritten to use MSAL, specifically `@azure/msal-node`, which is not intended to work on browsers. This PR makes it so `ClientSecretCredential` is kept as it was on v1 only for browsers. This will: - Allow us to keep our current browser recordings. - Allow us to continue using this credential for browser tests. - On v1, dropping this credential on browsers would be a breaking change, so this technically reduces the differences with v1. **Important:** Keep in mind that while we've always supported this credential in browsers, it can only work if browser security is disabled. This isn't recommended outside of our tests, and it's not something we should be advertising. (Later we also did the same to `UsernamePasswordCredential`). --- ## Browser bundles While my initial change was scoped to one credential, I asked Harsha to test this PR and he found that the browser bundles would not work with Identity v2. We decided to fix it right away since this PR wouldn't be very useful with broken browser bundles.
This PR makes it so
ClientSecretCredentialbehaves like how it did on v1 only for browsers. It also ensures browser bundles can be used when built with Karma.ClientSecretCredential (and also UsernamePasswordCredential)
Since the inception of Identity, we've been relying on
ClientSecretCredentialto be available in browsers to make it easier for us to automate bowser tests.Whether
ClientSecretCredentialshould continue being available on browsers in the future, is something yet to be decided. We started a conversation on the matter here: #14879Our current plan is to switch master back to v1, as you can see here: #14909
Since the v2 changes to
ClientSecretCredentialwon't be reverted, that means that as soon as we move master back to v1, all of our current clients will immediately start working with the latestClientSecretCredential.ClientSecretCredentialwas rewritten to use MSAL, specifically@azure/msal-node, which is not intended to work on browsers.This PR makes it so
ClientSecretCredentialis kept as it was on v1 only for browsers. This will:Important:
Keep in mind that while we've always supported this credential in browsers, it can only work if browser security is disabled. This isn't recommended outside of our tests, and it's not something we should be advertising.
(Later we also did the same to
UsernamePasswordCredential).Browser bundles
While my initial change was scoped to one credential, I asked Harsha to test this PR and he found that the browser bundles would not work with Identity v2. We decided to fix it right away since this PR wouldn't be very useful with broken browser bundles.