Core::Credentials::TokenCredential implementation for public clients

[benstadlbauer]

Query/Question
Is there/or will there be an implementation of the Core::Credentials::TokenCredential class for public clients? Where one does not need to provide a client certificate or client secret. Similar to the .NET PublicClientApplication class or Python PublicClientApplication class. Or is there a way to achieve this using azure-sdk-for-cpp?

Why is this not a Bug or a feature Request?
Not a bug: I'm not running code with expectations different than the outcome. Not a feature request: I'm not suggesting to implement something. I'm simply asking a question.

Setup (please complete the following information if applicable):

• OS: Windows
• IDE : Visual Studio
• Version of the Library used: commit 593464cedaf21b00d7b6fd1467f25ab9284ebe1b azure-core_1.6.0, azure-identity_1.3.0-beta.2

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

• Query Added
• Setup information Added

Thank you!

[antkmsft]

Hi @benstadlbauer, can you please provide more details, how would you want to use that type of credential? How would you like the code to look like? If you have a code snippet in other language, that's good too.
PublicClientApplication is from MSAL library and not Azure SDK, and there is no publicly available C++ MSAL at the moment. But we may be able figure something out, depending on your scenario.

[benstadlbauer]

Hey @antkmsft, I'm very new to this library and I wasn't really sure how to formulate the question. I also was not aware, that the MSAL library is something different than the Azure SDK, but I am still not sure how these two relate. According to this stackoverflow post, which refers to this github issue and this other github issue, it seems that MSAL is a building block for AzureSDK.

What I was looking for initially was something like

auto cred = Azure::Identity::PublicClientCredential(getTenantId(), getClientId());
auto tokens = cred.get(getScopes());

which automatically opens up a browser window to sign-in, similar to Get Azure AD tokens by using the MSAL Python library. I'm also not sure how the tokens would look like.

The reason why I ask is I have to implement the authentication process for accessing a resource via a REST API, where the authentication follows a federated authentication. In the end I need to attach a cookie to my requests (among a certificate but I'm not sure about that either), so I guess the variable tokens would contain this cookie somehow. I already have implemented a process using cpprestsdk, but the way I get the cookie now is I recreated the authentication protocol, containing of several HTTP GET and POST requests, each of them returning information for the subsequent ones. This was very tedious.

Conclusion: Apparently I would need a MSAL library for C++, which does not exist (yet).

I don't know enough about these processes (yet) to propose a way how to implement something in this library which could to a federated authentication process interactively (opening a browser window).

[antkmsft]

@benstadlbauer, you are right, if MSAL is available, it can be a dependency for an azure-identity, and then the azure-identity would wrap around some of its functionality and provide support for the scenarios such as interactive log-on with browser window. As I said, unfortunately, there isn't MSAL for C++ at the moment.

So, to your question, there is currently no interactive log on with UI support in the library.

We'll see what we can do, maybe we could provide some class with a virtual function, or with some callback, that gets called and it gives you a URL to display, or an HTML that you can render in the UI, but that won't happen in the next few months at least.

[benstadlbauer]

@antkmsft thank you for your information. Closing the issue now.