Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

{Identity} Support UsernamePasswordCredential.authenticate #13604

Merged
merged 1 commit into from
May 21, 2020
Merged

{Identity} Support UsernamePasswordCredential.authenticate #13604

merged 1 commit into from
May 21, 2020

Conversation

jiasli
Copy link
Member

@jiasli jiasli commented May 21, 2020
edited
Loading

Description
Due to the removal of UsernamePasswordCredential.authenticate, when username+password is used as the authentication method, Azure CLI can't persist user's AuthenticationRecord and utilize refresh tokens stored in MSAL cache. In such case, Azure CLI will have to save user's password by itself, which is absolutely not a good idea from a security perspective. See Azure/azure-sdk-for-python#11449, Azure/azure-sdk-for-python#11546

This PR solves the above issue by incorporating the changes from Azure/azure-sdk-for-python#11528

⚠ However, using this AuthenticationRecord correctly remains unsolved: Azure/azure-sdk-for-python#11448. We use InteractiveBrowserCredential as a temporary workaround:

azure-cli/src/azure-cli-core/azure/cli/core/_identity.py

Lines 292 to 293 in 595646e

return InteractiveBrowserCredential(authentication_record=auth_record, disable_automatic_authentication=True,
enable_persistent_cache=True)

Testing Guide

az login -u [email protected] -p xxxx

@jiasli jiasli changed the title Support UsernamePasswordCredential.authenticate {Identity} Support UsernamePasswordCredential.authenticate May 21, 2020
@jiasli jiasli self-assigned this May 21, 2020
@jiasli jiasli merged commit 5eec289 into Azure:identity May 21, 2020
@jiasli jiasli deleted the identity-password branch May 21, 2020 06:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qianwens qianwens qianwens approved these changes

@arrownj arrownj Awaiting requested review from arrownj

@fengzhou-msft fengzhou-msft Awaiting requested review from fengzhou-msft

@haroldrandom haroldrandom Awaiting requested review from haroldrandom

@Juliehzl Juliehzl Awaiting requested review from Juliehzl

Assignees

@jiasli jiasli

Labels
MSAL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jiasli @qianwens