Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow token exchange URL configuration #2767

Merged
merged 7 commits into from
Apr 18, 2024
Merged

Allow token exchange URL configuration #2767

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e4959c2
initial commit adding configurable token exchange url
kellyyangsong Apr 16, 2024
5f144f3
Apply suggestions from code review
kellyyangsong Apr 17, 2024
238adad
use abstractions 5.2.0
kellyyangsong Apr 18, 2024
007fe84
Merge branch 'master' into kellysong/msi-fic-devex
kellyyangsong Apr 18, 2024
2eead72
separate ctor overload
kellyyangsong Apr 18, 2024
0361f6a
Merge branch 'kellysong/msi-fic-devex' of https://github.com/AzureAD/…
kellyyangsong Apr 18, 2024
e0b2d59
add msi fic support to changelog
kellyyangsong Apr 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 3 additions & 7 deletions src/Microsoft.Identity.Web.Certificate/SignedAssertionFromManagedIdentityCredentialLoader.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,10 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

using System;
using System.Collections.Generic;
using System.Net;
using System.Text;
using Azure.Identity;
using System.Threading;
using Microsoft.Identity.Abstractions;
using System.Threading.Tasks;
using Azure.Identity;
using Microsoft.Identity.Abstractions;

namespace Microsoft.Identity.Web
{
Expand All @@ -23,7 +19,7 @@ public async Task LoadIfNeededAsync(CredentialDescription credentialDescription,
ManagedIdentityClientAssertion? managedIdentityClientAssertion = credentialDescription.CachedValue as ManagedIdentityClientAssertion;
kellyyangsong marked this conversation as resolved.
Show resolved Hide resolved
if (credentialDescription.CachedValue == null)
{
managedIdentityClientAssertion = new ManagedIdentityClientAssertion(credentialDescription.ManagedIdentityClientId);
managedIdentityClientAssertion = new ManagedIdentityClientAssertion(credentialDescription.ManagedIdentityClientId/*, credentialDescription.tokenExchangeUrl*/); // TODO: update value upon abstractions release
}
try
{
Expand Down
7 changes: 5 additions & 2 deletions src/Microsoft.Identity.Web.Certificateless/ManagedIdentityClientAssertion.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,14 @@ namespace Microsoft.Identity.Web
public class ManagedIdentityClientAssertion : ClientAssertionProviderBase
{
private readonly TokenCredential _credential;
private readonly string _tokenExchangeUrl;

/// <summary>
/// See https://aka.ms/ms-id-web/certificateless.
/// </summary>
/// <param name="managedIdentityClientId">Optional ClientId of the Managed Identity or Workload Identity</param>
public ManagedIdentityClientAssertion(string? managedIdentityClientId)
/// <param name="tokenExchangeUrl">Optional token exchange resource url. Default value is "api://AzureADTokenExchange/.default".</param>
public ManagedIdentityClientAssertion(string? managedIdentityClientId, string tokenExchangeUrl = "api://AzureADTokenExchange/.default")
kellyyangsong marked this conversation as resolved.
Show resolved Hide resolved
{
_credential = new DefaultAzureCredential(
new DefaultAzureCredentialOptions
Expand All @@ -34,6 +36,7 @@ public ManagedIdentityClientAssertion(string? managedIdentityClientId)
ExcludeVisualStudioCodeCredential = true,
ExcludeVisualStudioCredential = true
});
_tokenExchangeUrl = tokenExchangeUrl;
}

/// <summary>
Expand All @@ -44,7 +47,7 @@ public ManagedIdentityClientAssertion(string? managedIdentityClientId)
protected override async Task<ClientAssertion> GetClientAssertion(CancellationToken cancellationToken)
{
var result = await _credential.GetTokenAsync(
new TokenRequestContext(["api://AzureADTokenExchange/.default"], null),
new TokenRequestContext([_tokenExchangeUrl], null),
kellyyangsong marked this conversation as resolved.
Show resolved Hide resolved
cancellationToken).ConfigureAwait(false);
return new ClientAssertion(result.Token, result.ExpiresOn);
}
Expand Down
Loading