-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support managed identities and service principals #1372
Commits on Aug 15, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 6676986 - Browse repository at this point
Copy the full SHA 6676986View commit details -
msauth: rename GetTokenAsync to GetTokenForUserAsync
Rename the lone GetToken method to clarify that this is for user principals (regular user identities). This is in preparation for adding extra principal types including service principals, and managed identities. Also add some XML doc comments to the method.
Configuration menu - View commit details
-
Copy full SHA for b627044 - Browse repository at this point
Copy the full SHA b627044View commit details -
msauth: abstract token cache init helpers
Refactor the token cache helper methods to allow us to re-use the existing cache registration logic with a different ITokenCache and StorageCreationProperties. This will be useful when we later introduce a confidential client application (for service principals) that needs a different cache location, and uses the AppTokenCache, rather than the User one.
Configuration menu - View commit details
-
Copy full SHA for 89b099e - Browse repository at this point
Copy the full SHA 89b099eView commit details -
msauth: add support for service principal auth
Add support for acquiring a token for a service principal. Either a client secret or certificate can be used to authenticate (the latter being preferred).
Configuration menu - View commit details
-
Copy full SHA for 6a90c36 - Browse repository at this point
Copy the full SHA 6a90c36View commit details -
msauth: add support for managed identity
Add support for obtaining an access token using either the system-assigned and a user-assigned managed identity.
Configuration menu - View commit details
-
Copy full SHA for bfa87db - Browse repository at this point
Copy the full SHA bfa87dbView commit details -
msauth: add MSAL app token cache support for CCAs
Add app token cache support for confidential client applications (service principals). This is a different cache than the one for user tokens that is used by public client applications (for normal users). We do not know of any other app token cache that we can share with currently, so we just use our own in the GCM data directory.
Configuration menu - View commit details
-
Copy full SHA for f00c859 - Browse repository at this point
Copy the full SHA f00c859View commit details -
azrepos: support service principals and managed IDs
Allow a service principal or managed identity to be used to authenticate against Azure Repos. Required information for service principals is specified in Git config or environment variables, as is the ID for a managed identity.
1Configuration menu - View commit details
-
Copy full SHA for aafbda4 - Browse repository at this point
Copy the full SHA aafbda4View commit details -
azrepos: add tests of MID and SP get credential
Add tests of the `GetCredentialAsync` method on the `AzureReposHostProvider` using managed identity and service principal.
Configuration menu - View commit details
-
Copy full SHA for eff4ea6 - Browse repository at this point
Copy the full SHA eff4ea6View commit details