Charles Lowell
We need the `azidentity` part of this (#19529) to complete the end-to-end feature, but that's waiting on the next version of MSAL, which has been delayed by bugs and holidays....
We still want to support this, however we rely on MSAL for Go for public client authentication and it doesn't support this yet:
- https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/242
- https://github.com/AzureAD/microsoft-authentication-library-for-go/issues/243
That PR added a confidential client feature. This issue tracks SHR PoP for public clients, which requires brokered authentication (WAM on Windows). MSAL for Go doesn't support brokered authentication, so...
Thanks for opening this issue. I agree such a poller would be useful. Unfortunately, it's impossible to implement today because there's nothing to poll. Key Vault doesn't have an API...
I tagged the Key Vault team on this issue. Can you please also describe your scenario for them--why is it important to permanently delete old versions of a secret when...
We can do this any time, it's non-breaking. It isn't strictly necessary, but I think we should export `IDToken` and any other internal types that are transitively exposed by public...
> Unlike MSAL.NET, MSAL GO will actually figure out the token_endpoint and authorize_endpoint from the STS, via OIDC discovery (@chlowell to keep me honest)

Yes, that's the design: https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/1f802fb142172e9fa7fbdfc1d19431b98e423e0d/apps/internal/oauth/resolvers.go#L47-L48
I want to run CI on PRs by default though, and run it again on each push, to prevent merging broken code. I assume the motivation for the current setup...
This is an interesting issue, thanks for opening it. I believe the old behavior--suggesting a partition key for OBO data only--was incorrect and that azd can ignore the suggestion in...
> `AcquireTokenInteractive`, providing no partition key hints, but `AcquireTokenSilent` does.

Thanks for pointing this out. Both methods should suggest the same key (#424). I suppose azd might work as before...