Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthorizationCodeCredential doesn't use client secret #8004

Closed
chlowell opened this issue Oct 17, 2019 · 10 comments
Closed

AuthorizationCodeCredential doesn't use client secret #8004

chlowell opened this issue Oct 17, 2019 · 10 comments
Assignees
@xiangyan99
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.
Milestone
Backlog

Comments

@chlowell
Copy link
Member

No description provided.

@chlowell chlowell added Azure.Identity Client This issue points to a problem in the data-plane of the library. labels Oct 17, 2019
@chlowell chlowell self-assigned this Oct 17, 2019
@chlowell chlowell added this to the [2019] December milestone Oct 30, 2019
@chlowell chlowell removed this from the [2020] January milestone Mar 24, 2020
@chlowell chlowell added this to the Backlog milestone Apr 28, 2020
@xiangyan99
Copy link
Member

@chlowell could you provide more information? :)

@chlowell
Copy link
Member Author

chlowell commented Dec 9, 2021

AuthorizationCodeCredential has a client_secret kwarg but doesn't use its value. That makes it impossible for a confidential application, i.e. a web app, to use the credential. Fixing this is a low priority because the credential is unpopular. I wouldn't be surprised if no one uses it. It requires an application to acquire its own authorization code, presumably from some other library because azure-identity doesn't offer an API for that, and the credential instance is locked to the user it authenticates. I expect that's why we've had this issue open for a couple years without a +1 or a comment from an affected user (nor have I seen this problem mentioned elsewhere).

@lmazuel lmazuel assigned xiangyan99 and unassigned chlowell Dec 17, 2021
@ortonomy
Copy link

+1

@dyn4mic
Copy link

dyn4mic commented Feb 21, 2024
edited
Loading

@chlowell Whats the alternative to authenticate for Confidential applications with a link to a user?
i found a way to authenticate with msal but no way to pass this to GraphServiceClient.

@chlowell
Copy link
Member Author

It depends on the details of your scenario. Does your app run on a server or on client machines, and does it need to access resources owned by users?

@dyn4mic
Copy link

dyn4mic commented Feb 27, 2024

yes the app runs on a server, and it needs access to resources owned(own onedrive) and bound to user(group share, user is part of the group)

@chlowell
Copy link
Member Author

That sounds like a case for the on-behalf-of flow (documented here), which azure-identity supports with OnBehalfOfCredential.

@charantejmandali18
Copy link

Hi @chlowell i am also facing the same issue, but in my flow i am using AuthorizationCodeCredntial where the user logs in to the created application by giving consent, i get a auth_cde too the call back url, and i have to generate the access_token, i am able to generate the access token using msal , but not able to pass it to GraphServiceClient

@charantejmandali18
Copy link

Also i feel this needs a fix, otherwise there is no sense of AuthorizationCodeCredential Flow

@Darkbat91 Darkbat91 mentioned this issue Mar 20, 2024
Merged
6 tasks
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 5, 2024

Hi @chlowell, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 5, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Apr 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@xiangyan99 xiangyan99

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
5 participants
@ortonomy @dyn4mic @chlowell @xiangyan99 @charantejmandali18