diff --git a/Directory.Build.props b/Directory.Build.props
index 5e3a0cad4..6724bdc3e 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -86,7 +86,7 @@
4.36.0
4.57.0-preview
3.1.3
- 5.1.0
+ 5.2.0
diff --git a/changelog.md b/changelog.md
index 0c3c48f61..cb5cfcd17 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,10 @@
+Pending Next Release
+=========
+- Update to Microsoft.Identity.Abstractions 5.2.0
+
+### New features
+- Added support for Managed Identity Federated Identity Credential. See issue [2749](https://github.com/AzureAD/microsoft-identity-web/issues/2749) for details.
+
2.17.5
=========
- Updated to MSAL 4.59.1.
@@ -12,7 +19,7 @@
2.17.3
=========
- Updated to Microsoft.IdentityModel.* 7.5.0
-
+
2.17.2
=========
diff --git a/src/Microsoft.Identity.Web.Certificate/SignedAssertionFromManagedIdentityCredentialLoader.cs b/src/Microsoft.Identity.Web.Certificate/SignedAssertionFromManagedIdentityCredentialLoader.cs
index 1067e1af4..84dad53af 100644
--- a/src/Microsoft.Identity.Web.Certificate/SignedAssertionFromManagedIdentityCredentialLoader.cs
+++ b/src/Microsoft.Identity.Web.Certificate/SignedAssertionFromManagedIdentityCredentialLoader.cs
@@ -1,14 +1,10 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
-using System;
-using System.Collections.Generic;
-using System.Net;
-using System.Text;
-using Azure.Identity;
using System.Threading;
-using Microsoft.Identity.Abstractions;
using System.Threading.Tasks;
+using Azure.Identity;
+using Microsoft.Identity.Abstractions;
namespace Microsoft.Identity.Web
{
@@ -23,7 +19,7 @@ public async Task LoadIfNeededAsync(CredentialDescription credentialDescription,
ManagedIdentityClientAssertion? managedIdentityClientAssertion = credentialDescription.CachedValue as ManagedIdentityClientAssertion;
if (credentialDescription.CachedValue == null)
{
- managedIdentityClientAssertion = new ManagedIdentityClientAssertion(credentialDescription.ManagedIdentityClientId);
+ managedIdentityClientAssertion = new ManagedIdentityClientAssertion(credentialDescription.ManagedIdentityClientId, credentialDescription.TokenExchangeUrl);
}
try
{
diff --git a/src/Microsoft.Identity.Web.Certificateless/CertificatelessConstants.cs b/src/Microsoft.Identity.Web.Certificateless/CertificatelessConstants.cs
new file mode 100644
index 000000000..15b0e749b
--- /dev/null
+++ b/src/Microsoft.Identity.Web.Certificateless/CertificatelessConstants.cs
@@ -0,0 +1,11 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Microsoft.Identity.Web.Certificateless
+{
+ internal class CertificatelessConstants
+ {
+ // Managed Identity Federated Identity Credential
+ internal const string DefaultTokenExchangeUrl = "api://AzureADTokenExchange";
+ }
+}
diff --git a/src/Microsoft.Identity.Web.Certificateless/ManagedIdentityClientAssertion.cs b/src/Microsoft.Identity.Web.Certificateless/ManagedIdentityClientAssertion.cs
index 80fea702b..2aad3fa0a 100644
--- a/src/Microsoft.Identity.Web.Certificateless/ManagedIdentityClientAssertion.cs
+++ b/src/Microsoft.Identity.Web.Certificateless/ManagedIdentityClientAssertion.cs
@@ -5,6 +5,7 @@
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
+using Microsoft.Identity.Web.Certificateless;
namespace Microsoft.Identity.Web
{
@@ -14,6 +15,7 @@ namespace Microsoft.Identity.Web
public class ManagedIdentityClientAssertion : ClientAssertionProviderBase
{
private readonly TokenCredential _credential;
+ private readonly string _tokenExchangeUrl;
///
/// See https://aka.ms/ms-id-web/certificateless.
@@ -34,6 +36,17 @@ public ManagedIdentityClientAssertion(string? managedIdentityClientId)
ExcludeVisualStudioCodeCredential = true,
ExcludeVisualStudioCredential = true
});
+ _tokenExchangeUrl = CertificatelessConstants.DefaultTokenExchangeUrl;
+ }
+
+ ///
+ /// See https://aka.ms/ms-id-web/certificateless.
+ ///
+ /// Optional ClientId of the Managed Identity or Workload Identity
+ /// Optional token exchange resource url. Default value is "api://AzureADTokenExchange/.default".
+ public ManagedIdentityClientAssertion(string? managedIdentityClientId, string? tokenExchangeUrl) : this (managedIdentityClientId)
+ {
+ _tokenExchangeUrl = tokenExchangeUrl ?? CertificatelessConstants.DefaultTokenExchangeUrl;
}
///
@@ -44,7 +57,7 @@ public ManagedIdentityClientAssertion(string? managedIdentityClientId)
protected override async Task GetClientAssertion(CancellationToken cancellationToken)
{
var result = await _credential.GetTokenAsync(
- new TokenRequestContext(["api://AzureADTokenExchange/.default"], null),
+ new TokenRequestContext([_tokenExchangeUrl+"./default"], null),
cancellationToken).ConfigureAwait(false);
return new ClientAssertion(result.Token, result.ExpiresOn);
}