You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
The cert-less scenario can be generalized into an identity federation scenario.
Implicit Azure provider in MSAL (IMDS)
Describe the solution you'd like
Expose the notion of FederatedTokenProvider (which can be used by MSAL.NET to provide an assertion). This could be an abstract class. The issue is with how to cache the assertion. What is the key
Rename MsiSignedAssertionProvider into AzureFederatedTokenProvider and make it public. (Maybe remove the base class)
Expose an option EnableIdentityFederation
Expose a property FederatedClientId, which would contain the UserAssignedManagedIdentityClientId or the system assigned managed identity clientId, and would explicitly explain that this is for the identity federation scenario.
Describe alternatives you've considered
implicitly attempt the msi signed assertion provider when there are not credentials. But the v-team prefers things to be explicit
Keep the UserAssignedManagedIdentityClientId
We could also have a data structure in the configuration:
Is your feature request related to a problem? Please describe.
Implicit Azure provider in MSAL (IMDS)
Describe the solution you'd like
MsiSignedAssertionProviderintoAzureFederatedTokenProviderand make it public. (Maybe remove the base class)EnableIdentityFederationFederatedClientId, which would contain the UserAssignedManagedIdentityClientId or the system assigned managed identity clientId, and would explicitly explain that this is for the identity federation scenario.Describe alternatives you've considered
The text was updated successfully, but these errors were encountered: