Azure.Identity Improvements for Python (June - October 2021) #17217

Closed
7 tasks
joshfree opened this issue Mar 9, 2021 · 0 comments
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. Epic

joshfree commented Mar 9, 2021

Azure.Identity June - October 2021 Releases

June Release Cycle - Start Early Feature Design for Nickel Beta-1

Design: Beta-1 Features

  1. Feature: Support Tenant Id Challenges / Hints (tenant-hint.md)
    - Support Key Vaults across multiple tenants
    - Address common issues when customers use VS/VSCode credentials with multiple credentials signed in
  2. Feature: Add support for Managed Identity regional AAD authentication endpoints #20027
    - The guidance from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by MsalConfidentialClient, namely `WithAuthority(Uri, bool)` and `WithInstanceDiscoveryMetadata(string)`.
    - Today, when using the regional AAD endpoint with Azure.Identity (using a ClientCertificateCredential), we see the error "Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance." The error goes away when using a global endpoint (https://login.microsoftonline.com/).

  3. Feature: Support overriding MSI_ENDPOINT for dev-time debugging for the Azure Kubernetes Service team #670
    - The Bridge to Kubernetes enables a user to natively debug one microservice on their local machine when "bridged" to other microservices running in Kubernetes. AKS is looking for an environment variable that can be overridden to specify a custom managed identity endpoint. This is required so that when the user's locally running code tries to call the managed identity endpoint for a token, they are able to intercept it and redirect the call to the cluster so that the token can be fetched from the endpoint on the cluster.

  4. Feature: Allow Pre-populated account name in browser during interactive login #16983

  5. Nickel Community Feature Requests related to StaticTokenCredential / token helper methods

  • Feature: Expose Credential type for DefaultAzureCredential and ChainedTokenCredential
    - Enables users to know which credential type is being used. #8948
  • Feature: Add new StaticTokenCredential type (prototype PR)
    - Encapsulate an AAD credential with a prefetched token for an AAD application.
  • Request: Add support for fetching an access token from a refresh token
  • Request: provide the functionality of building a token credential from (a: existing credential, b: tenant id) for refresh token based credentials: InteractiveBrowserCredential and DeviceCodeCredential, VisualStudioCodeCredential (request)
  • Request: provide the functionality of setting tenant id for AzureCliCredential (request)
  • Request: provide a valid token in VisualStudioCodeCredentialBuilder without tenant id, use this token we can list the tenants (request)
  • Request: provide the functionality of listing cached account (Azure environment, tenant id, user name, client id) for SharedTokenCacheCredential (request)

July Release Cycle - Beta-1 Feature Development

Code: Beta-1 Features

  1. Support Tenant Id Challenges / Hints
  2. Add support for Managed Identity regional AAD authentication endpoints
  3. MSI_ENDPOINT override via an API for the AKS team
  4. Allow Pre-populated account name in browser during interactive login

Design: Beta-2 Features

  1. Feature: Add On-Behalf-Of (OBO) Auth Flow for the Microsoft Graph Team tracking issue

  2. Feature: Create AzureApplicationCredential for the MS Graph Team #20364

August Release Cycle - Beta-2 Feature Development

Code: Beta-2 Features

  1. Create AzureApplicationCredential

September Release Cycle - Beta-3 Feature Development

  1. On-Behalf-Of (OBO) Auth Flow Support

  2. Support exchanging k8s token to AAD token

  3. Community Feature Requests related to StaticTokenCredential / Token convenience methods

October Release Cycle - GA Release

  1. Final Review of README.md / Quick Starts / Samples / Documentation for cross-language consistency

November Release Cycle - Buffer

Related Work Items

@joshfree joshfree added Client This issue points to a problem in the data-plane of the library. Epic Azure.Identity labels Mar 9, 2021
@joshfree joshfree added this to the [2021] August milestone Mar 9, 2021
@joshfree joshfree changed the title Azure.Identity Improvements for Python (May - August 2021) Azure.Identity Improvements for Python (June - September 2021) May 3, 2021
@joshfree joshfree changed the title Azure.Identity Improvements for Python (June - September 2021) Azure.Identity Improvements for Python (June - October 2021) Sep 7, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2023