[Feature Request] Support a credential description for auto decrypt keys #65

Closed
jmprieur opened this issue Mar 5, 2023 · 1 comment · Fixed by #66
Labels
enhancement New feature or request


jmprieur commented Mar 5, 2023

Be able to support the following configuration:

    {
        "TokenDecryptionCredentials": [
            {
                "SourceType": "AutoDecryptKeys",
                "DecryptKeysApplicationTenant": "mytenant.onmicrosoftonline.com",
                "DecryptKeysProtocol": "bearer"
            }
        ]
    }

This credential does not affect the container or ReferenceOrValue properties, which should not be set and should return null for the source type "AutoDecryptKeys".


jmprieur commented Mar 10, 2023

@RojaEnnam:
After discussion with @jennyf19, @GeoK and Keegan:
We're not going to have the application tenant and the protocol part of this credential, because we would actually need all the properties of AuthorizationHeaderProviderOptions. For instance, if we need to use the Pop protocol, there is more that needs to be provided, in addition to the tenant (pop key, URL, etc.).

Therefore:

  • We'll add the source type AutoDecryptKeys.
  • We could add an AuthorizationHeaderProviderOptions property here.

But I wonder if a better approach might not be to have a default property at the top level, in MicrosoftIdentityApplicationOptions:

    /// <summary>
    /// Default parameter used when the application needs to call a downstream API
    /// on behalf of itself.
    /// In particular it describes the tenant to be used by default in the case of multi-tenant applications, but
    /// can also describe the protocol used (Pop) and its parameters
    /// </summary>
    AuthorizationHeaderProviderOptions DefaultAppTokenOptions;

    "DefaultDaemonScenarioOptions": {
        "AcquireTokenOptions": {
            "Tenant": "<tenant-id>"
        }
    }
