June Release Cycle - Start Early Feature Design for Nickel Beta-1
Design: Beta-1 Features
Feature: Support Tenant Id Challenges / Hints tenant-hint.md
Support Key Vaults across multiple tenants
Address common issues when customers use VS/VSCode credentials with multiple credentials signed in
Feature: Add support for Managed Identity regional AAD authentication endpoints #20027
- The [guidance] from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by [MsalConfidentialClient], namely WithAuthority(Uri, bool) and WithInstanceDiscoveryMetadata(string).
- Today, when using the regional AAD endpoint with Azure.Identity (using a [ClientCertificateCredential]), we see an error: "Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance." The error goes away when using a global endpoint (https://login.microsoftonline.com/).
Feature: Support overriding MSI_ENDPOINT for dev-time debugging for the Azure Kubernetes Service team #670
- The Bridge to Kubernetes enables a user to natively debug one microservice on their local machine when "bridged" to other microservices running in Kubernetes. AKS is looking for an environment variable that can be overridden to specify a custom managed identity endpoint. This is required so that when the user's locally running code tries to call the managed identity endpoint for a token, they are able to intercept it and redirect the call to the cluster so that the token can be fetched from the endpoint on the cluster.
Feature: Allow Pre-populated account name in browser during interactive login #16983
Nickel Community Feature Requests related to StaticTokenCredential / token helper methods
Feature: Expose Credential type for DefaultAzureCredential and ChainedTokenCredential
- Enables users to know which credential type is being used. #8948
Feature: Add new StaticTokenCredential type (prototype PR)
- Encapsulate an AAD credential with a prefetched token for an AAD application.
Request: Add support for fetching an access token from a refresh token
Request: provide the functionality of building a token credential from (a: existing credential, b: tenant id) for refresh token based credentials: InteractiveBrowserCredential and DeviceCodeCredential, VisualStudioCodeCredential (request)
Request: provide the functionality of setting tenant id for AzureCliCredential (request)
Request: provide a valid token in VisualStudioCodeCredentialBuilder without tenant id; using this token, we can list the tenants (request)
Request: provide the functionality of listing cached account (Azure environment, tenant id, user name, client id) for SharedTokenCacheCredential (request)
Feature: Add On-Behalf-Of (OBO) Auth Flow for the Microsoft Graph Team tracking issue
The OAuth 2.0 On-Behalf-Of flow (OBO) serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API. The idea is to propagate the delegated user identity and permissions through the request chain. For the middle-tier service to make authenticated requests to the downstream service, it needs to secure an access token from the Microsoft identity platform, on behalf of the user.
joshfree changed the title from "Azure.Identity Improvements for .NET (May - August 2021)" to "Azure.Identity Improvements for .NET (June - September 2021)" (May 3, 2021)
Regarding the Tenant ID Challenge feature, are there tickets needed for services that need to send the tenant ID in the challenge header in order to light up this feature? Like SQL Server, Postgres, Service Bus, etc.
joshfree changed the title from "Azure.Identity Improvements for .NET (June - September 2021)" to "Azure.Identity Improvements for .NET (June - October 2021)" (Sep 7, 2021)
Azure.Identity June - October 2021 Releases
June Release Cycle - Start Early Feature Design for Nickel Beta-1
Design: Beta-1 Features
Feature: Support Tenant Id Challenges / Hints tenant-hint.md
Feature: Add support for Managed Identity regional AAD authentication endpoints #20027
- The [guidance] from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by [MsalConfidentialClient], namely WithAuthority(Uri, bool) and WithInstanceDiscoveryMetadata(string).
- Today, when using the regional AAD endpoint with Azure.Identity (using a [ClientCertificateCredential]), we see an error: "Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance." The error goes away when using a global endpoint (https://login.microsoftonline.com/).
Feature: Support overriding MSI_ENDPOINT for dev-time debugging for the Azure Kubernetes Service team #670
- The Bridge to Kubernetes enables a user to natively debug one microservice on their local machine when "bridged" to other microservices running in Kubernetes. AKS is looking for an environment variable that can be overridden to specify a custom managed identity endpoint. This is required so that when the user's locally running code tries to call the managed identity endpoint for a token, they are able to intercept it and redirect the call to the cluster so that the token can be fetched from the endpoint on the cluster.
Feature: Allow Pre-populated account name in browser during interactive login #16983
Nickel Community Feature Requests related to StaticTokenCredential / token helper methods
- Enables users to know which credential type is being used. #8948
- Encapsulate an AAD credential with a prefetched token for an AAD application.
July Release Cycle - Beta-1 Feature Development
Code: Beta-1 Features
Design: Beta-2 Features
Feature: Add On-Behalf-Of (OBO) Auth Flow for the Microsoft Graph Team tracking issue
Feature: Create AzureApplicationCredential for the MS Graph Team #20364
August Release Cycle - Beta-2 Feature Development
Code: Beta-2 Features
September Release Cycle - Beta-3 Feature Development
On-Behalf-Of (OBO) Auth Flow Support
Support exchanging k8s token to AAD token
Community Feature Requests related to StaticTokenCredential / Token convenience methods
October Release Cycle - GA Release
November Release Cycle - Buffer
Related Work Items