-
Notifications
You must be signed in to change notification settings - Fork 304
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure SDK Review - [Azure Identity] #6448
Comments
Go and C/C++ are not planning a GA with this release as they have not yet picked up these features. .NET has already shipped the Core change for enabling CAE on the Core TokenRequestOptions type, so it is not included here. DAC should continue if a dev-time credential failsIssue for more context. In the case Continuous Access Evaluation for service principalsIssue for more context. CAE support is now configurable per request. This is exposed through a new property on We now maintain two token caches differentiated by filename. This should not be a visible change to users. The existing Although disabling CAE by default could be a breaking behavioral change for clients talking to services that support CAE and also are subject to a directory policy that forces it to be enabled, the impact is relatively minor given this is a rare policy and CAE support is rare among RPs. To resolve this issue, clients that support CAE need to add a client option to allow customers to opt in to CAE support. The rationale for the change is that keeping behavior as is could be worse, since clients unprepared for CAE challenges won't be able to properly respond and acquire tokens as their RP start supporting CAE. EnableSupportLogging in MSALIssue for more context. MSAL has requested we give users the ability to turn on additional MSAL logging. They have had ICMs that would have been much faster to resolve with this capability. For MSAL based credentials we add an option to enable this based on the name It should be clear that this feature will cause PII to be logged in an unredacted form. Our docs are clear about this danger, but we wanted to highlight it. New option for controlling interactive browser options for Azure PowerShell.Issue for more context. The Azure PowerShell team is required to customize the web view displayed after authentication. Identity needs to pass options through to MSAL to accomplish this. |
Notes and changes from archboard:
|
New SDK Review meeting has been requested.
Service Name: Azure Identity
Review Created By: Bill Wert
Review Date: 08/08/2023 02:05 PM PT
Hero Scenarios Link: Not Provided
Architecture Diagram Link: Not Provided
Core Concepts Doc Link: Not Provided
APIView Links: Javascript, Java, Python, .NET,
Description:
Detailed meeting information and documents provided can be accessed here
The text was updated successfully, but these errors were encountered: