AADIntegration icon indicating copy to clipboard operation
AADIntegration copied to clipboard

Published 20 hours ago verified publisher icon aspnet

Proposes more flexible AzureADOptions, and defaulting to AzureAD v2.0

Open jmprieur opened this issue 6 years ago • 9 comments

Proposes improvements to the AzureADOptions:

  • make it possible to specify the Audience of the tokens that will be accepted (with a default which is consistent with the Azure AD experience). For the moment it's hardcoded to {ClientId}
  • make it possible to specity the Authority (for the moment it's hardcoded to {Instance}/{TenantId}. This is needed to make v2.0 primary without having users to have the change app generated by dotnet new mvc
  • Proposing to remove Domain, and rename TenantId in Tenant as the tenant identification can be specified as a TenantID (a Guid), or a domain, or some well known "meta-tenants" (common, organizations and consumers)

Proposing that Web applications are now v2.0 apps by default.

Proposing improvements to the XML documentation

Note that This PR is essentially to start the discussion. It's not mean to be final. In particular, no special effort was made for the tests yet

jmprieur avatar Oct 31 '18 14:10 jmprieur

CLA assistant check
All CLA requirements met.

dnfclas avatar Oct 31 '18 14:10 dnfclas

@Tratcher @brentschmaltz FYI

jmprieur avatar Oct 31 '18 14:10 jmprieur

@blowdart @BillHiebert This would need to be accompanied with template and tooling changes to get the right fields populated in config.

Tratcher avatar Oct 31 '18 15:10 Tratcher

Without tooling changes this can't be merged, the VS UI would get everything wrong. So it's not as simple as this PR :)

blowdart avatar Oct 31 '18 15:10 blowdart

I'm well aware of this, @blowdart : this is a proposal to help the discussion that @Tratcher and I have been having offline. Some of the things we'd want to consider is the breaking changes:

  • are we happy with renaming TenantId to Tenant? or not. Note that we could do with keeping TenantId (which would be one less breaking change) and use it for tenant information in general: not necessarily a guid. That's the case today, even if the meaning is not very clear
  • are we happy to remove Domain (which is not used anywhere btw)

Then as far as template and tooling changes, could you please send me the location of the repos, so that we propose PRs?

jmprieur avatar Oct 31 '18 15:10 jmprieur

I have no real feelings about the changes, if they matched the Azure Portal wording for these details that would be best (assuming this won't change of course)

blowdart avatar Oct 31 '18 15:10 blowdart

@phenning for tooling.

Tratcher avatar Oct 31 '18 16:10 Tratcher

Template code: https://github.com/aspnet/Templating/blob/master/src/Microsoft.DotNet.Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json

Tratcher avatar Oct 31 '18 16:10 Tratcher

https://github.com/aspnet/AADIntegration/issues/50

Tratcher avatar Oct 31 '18 16:10 Tratcher