-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request] MicrosoftIdentityOptions and DefaultCertificateLoader should support user assigned managed identity #1007
Comments
The LoadFromKeyVault method of DefaultCertificateLoader needs both certificate and secret permissions in key vault. In our use case it would be beneficial if different client ids could be provided for the certificate client and secret client used within the LoadFromKeyVault method. |
@admsteck : do you want to provide a PR that we could examine? |
PR is #1008 |
Wei replied this would be nice to have it to allow customers to pass user assigned MSI clientId from the code instead of changing App service settings, |
I retract this comment. It appears our requirements have changed and the original scope of this issue/PR will be sufficient for our needs. |
proposed fix for #1007 * Adding support for user assigned managed identity * Update src/Microsoft.Identity.Web/CertificateManagement/DefaultCertificateLoader.cs Co-authored-by: jennyf19 <jeferrie@microsoft.com>
Included in 1.8.0 release |
Is your feature request related to a problem? Please describe.
Currently, DefaultCertificateLoader only supports system assigned managed identities, whereas customers and partners also need it to support user assigned managed identity
Describe the solution you'd like
Have a new property named
UserAssignedManagedIdentityClientId
inMicrosoftIdentityOptions
so that developers can provide the user assigned managed identity client ID.For customers using ASP.NET (not core), and therefore directly the
DefaultCertificateLoader
, also expose it as a static public member ofDefaultCertificateLoader
Additional context
The text was updated successfully, but these errors were encountered: