[Feature Request] Support for new Azure ML Managed Identity #5350

@Robbie-Microsoft

Description

MSAL client type

Managed identity

Problem statement

Core Library
MSAL Node (@azure/msal-node)

Wrapper Library
Not Applicable

Public or Confidential Client?
Confidential

The Azure ML Managed Identity API is not the same as the App Service 2017-09-01 API, requiring explicit support to accommodate its unique authentication flow.

Key Differences

Expiration Time Format
The expires_on field is returned as an integer, whereas App Service returns it as a string.
The implementation must correctly handle integer-based expiration times.

Mandatory clientid Parameter
Unlike App Service, all token requests must specify a clientid, even for system-assigned managed identities.
The platform provides a default client ID via the environment variable: DEFAULT_IDENTITY_CLIENT_ID
The system should default to this environment variable when no client ID is explicitly provided.

Proposed solution
Add explicit support for the Azure ML Managed Identity API in MSAL.

Alternatives
No response

Notes
Original ask in Azure SDK for JS: Azure/azure-sdk-for-js#27920

Proposed solution

No response

Alternatives

No response
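
The two differences listed in the issue, handled on the client side, as an added example (not MSAL Node code and not code from the issue). The helper names are hypothetical, and the `resource` parameter, the `access_token` field and the reading of `expires_on` as Unix epoch seconds are assumptions; the endpoint URL and request headers are left out because the issue does not give them.

```javascript
// Added example: hypothetical helpers, not MSAL Node APIs.
const DEFAULT_CLIENT_ID_ENV = "DEFAULT_IDENTITY_CLIENT_ID"; // name taken from the issue text

// Azure ML requires clientid on every request, so fall back to the
// platform-provided default and fail closed when neither value is present.
function resolveClientId(explicitClientId, env = process.env) {
  const id = (explicitClientId || env[DEFAULT_CLIENT_ID_ENV] || "").trim();
  if (!id) {
    throw new Error(`No client ID given and ${DEFAULT_CLIENT_ID_ENV} is not set`);
  }
  return id;
}

// Accept the integer expires_on that Azure ML returns; a string of digits is
// also tolerated. Assumption: the value is Unix epoch seconds. Anything else
// is rejected so a malformed value cannot become a long-lived cache entry.
function parseExpiresOn(value) {
  let seconds = NaN;
  if (typeof value === "number") {
    seconds = value;
  } else if (typeof value === "string" && /^\d+$/.test(value.trim())) {
    seconds = Number(value.trim());
  }
  if (!Number.isSafeInteger(seconds) || seconds <= 0) {
    throw new Error(`Unusable expires_on value: ${JSON.stringify(value)}`);
  }
  return seconds;
}

// Query string for the token request; "resource" is an assumed parameter name.
function buildTokenQuery(resource, explicitClientId, env = process.env) {
  const clientid = resolveClientId(explicitClientId, env);
  return new URLSearchParams({ resource, clientid }).toString();
}

// Turn a parsed JSON response body into a cache-ready record, refusing
// responses with no token or with an expiry that has already passed.
function normalizeTokenResponse(body, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!body || typeof body.access_token !== "string" || !body.access_token) {
    throw new Error("Token response has no access_token");
  }
  const expiresOnSeconds = parseExpiresOn(body.expires_on);
  if (expiresOnSeconds <= nowSeconds) {
    throw new Error("Token response is already expired");
  }
  return { accessToken: body.access_token, expiresOnSeconds };
}
```
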
