[QUERY] - Get AAD Auth token from Azure Commercial to Azure Gov Cloud - is it possible? #16622
Comments
@tapasudenia Hello, Mr Udenia! I’m Daniel. I’ll be doing my best to help you! First, I’ll answer your questions. Second, I’ll ask you some :)
Your questions:
Yes it is! We’re working on a sample for this scenario, but essentially, you can send the most appropriate
const identity = require("@azure/identity");
// tenantId, clientId and clientSecret are placeholders for the app registration's own values
const credential = new identity.ClientSecretCredential(tenantId, clientId, clientSecret, {
  authorityHost: identity.AzureAuthorityHosts.AzureGovernment
});
I believe you’ll need to use
My questions:
Are you expecting to use Generally, I see scopes that represent the permissions given to the app registration on the Are you able to reproduce the same problem with a scope like What services are you expecting to reach with this credential? I can help you find an appropriate scope.
Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!
Query/Question
I am working on a project which is the integration of an app hosted in Azure commercial cloud with an app hosted in Azure Gov Cloud (.us). I need to get an AAD auth token for an app registration present in commercial cloud with the scope for an app registration created in Azure Gov Cloud.
Scenario
app registration id: app-reg-a-id
Tenant: some-commercial-tenant-a
app registration id: app-reg-b-id
Tenant: some-usgov-tenant-a
Referring to https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
POST - https://login.microsoftonline.com/common/oauth2/v2.0/token
grant_type - client_credentials
client_id - app-reg-a-id
client_secret - app-reg-a-secret-value
scope - app-reg-b-id/.default
Error:
AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials
I tried setting the tenant value too and get the same error.
Sample Code:
const { ClientSecretCredential } = require("@azure/identity");

const newToken = async () => {
  // appSecret is defined elsewhere in the application
  process.env.AZURE_CLIENT_SECRET = appSecret;
  // Scope of the app registration in Azure Gov Cloud
  const scope = 'app-reg-b-id/.default';
  const credential = new ClientSecretCredential(
    'some-usgov-tenant-a',
    'app-reg-a-id',
    'app-reg-a-secret-value',
    {
      authorityHost: 'https://login.microsoftonline.us',
    },
  );
  const {token: aadToken} = await credential.getToken(scope);
  return aadToken;
};
Error: AADSTS700016 - Application with identifier 'app-reg-a-id' was not found in the directory 'some-usgov-tenant-a'
Also tried changing the authorityHost to https://login.microsoftonline.com
Error: AADSTS900382: Confidential Client is not supported in Cross Cloud request.
Question:
Please share any other thoughts.
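The three attempts in the issue above can be caught before any request is sent. The following is an added example, not code from the issue or from the Azure SDK: a pre-flight check that compares the tenant, the authority host and the cloud of the client app registration, and tags each mismatch with the error code that attempt produced in the issue. The function names and the `tenantCloud` / `clientAppCloud` labels are assumptions supplied by the caller.

```javascript
// Added example, not SDK code. Cloud labels are assumptions supplied by the caller.
const AUTHORITY_CLOUD = {
  "login.microsoftonline.com": "commercial",
  "login.microsoftonline.us": "usgov",
};
// Multi-tenant aliases carry no tenant identity for an app-only request.
const TENANT_ALIASES = new Set(["common", "organizations", "consumers"]);

function checkClientCredentialRequest(cfg) {
  const problems = [];
  const host = new URL(cfg.authorityHost).hostname.toLowerCase();
  const authorityCloud = AUTHORITY_CLOUD[host];
  if (!authorityCloud) problems.push(`UNKNOWN_AUTHORITY: ${host}`);
  if (!cfg.tenant || TENANT_ALIASES.has(cfg.tenant.toLowerCase())) {
    problems.push("AADSTS50059: no tenant-identifying information in the request");
  }
  if (authorityCloud && cfg.tenantCloud !== authorityCloud) {
    problems.push("AADSTS900382: tenant and authority host are in different clouds");
  }
  if (cfg.clientAppCloud !== cfg.tenantCloud) {
    problems.push("AADSTS700016: client app is not registered in the tenant's cloud");
  }
  if (!String(cfg.scope).endsWith("/.default")) {
    problems.push("SCOPE: client credentials needs a '<resource>/.default' scope");
  }
  return problems;
}

// Token endpoint for a request that passed the checks.
function tokenEndpoint(cfg) {
  const path = `/${encodeURIComponent(cfg.tenant)}/oauth2/v2.0/token`;
  return new URL(path, cfg.authorityHost).href;
}

// Constructed inputs modelled on the three attempts in the issue.
const ATTEMPTS = {
  commonEndpoint: { authorityHost: "https://login.microsoftonline.com", tenant: "common",
    tenantCloud: "commercial", clientAppCloud: "commercial", scope: "app-reg-b-id/.default" },
  govTenantGovHost: { authorityHost: "https://login.microsoftonline.us", tenant: "some-usgov-tenant-a",
    tenantCloud: "usgov", clientAppCloud: "commercial", scope: "app-reg-b-id/.default" },
  govTenantPublicHost: { authorityHost: "https://login.microsoftonline.com", tenant: "some-usgov-tenant-a",
    tenantCloud: "usgov", clientAppCloud: "commercial", scope: "app-reg-b-id/.default" },
};

for (const [name, cfg] of Object.entries(ATTEMPTS)) {
  console.log(name, checkClientCredentialRequest(cfg));
}
```

An empty result means only that the tenant, authority host and client app agree on a cloud; it does not show that the target resource accepts the token.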