microsoft-authentication-library-for-go icon indicating copy to clipboard operation
microsoft-authentication-library-for-go copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

Review authority_endpoint_resolution_manager class

Open jennyf19 opened this issue 4 years ago • 2 comments

Specifically GetTenantDiscoveryResponse...do we really need to know if all those end points are there? we should be able to create these values.

cc: @abhidnya13

jennyf19 avatar Nov 13 '20 01:11 jennyf19

I'm not quite sure on this bug. The code has changed a lot, so I'm not sure if this is valid.

Can you look at authority.GetTenantDiscoveryResponse() and let me know if this is a problem?

This now returns:

// TenantDiscoveryResponse is the tenant endpoints from the OpenID configuration endpoint.
type TenantDiscoveryResponse struct {
	OAuthResponseBase

	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	Issuer                string `json:"issuer"`

	AdditionalFields map[string]interface{}
}

Where OAuthResponseBase (this is a composition here, not to be confused with inheritence):

type OAuthResponseBase struct {
	Error            string `json:"error"`
	SubError         string `json:"suberror"`
	ErrorDescription string `json:"error_description"`
	ErrorCodes       []int  `json:"error_codes"`
	CorrelationID    string `json:"correlation_id"`
	Claims           string `json:"claims"`
}

element-of-surprise avatar Jan 08 '21 00:01 element-of-surprise

Some MSAL libraries hardcode the endpoints, because we can tell if the authority is AAD, ADFS or B2C. MSAL Go relies on endpoint discovery (via HTTP call) and caching.

This is ok. Generally apps can rely on discovery and cache the results. It's only a problem for CLI apps, since the process restarts a lot, which invalidates the cache.

Keep this open as a potential enhancement.

bgavrilMS avatar Feb 03 '23 16:02 bgavrilMS