Support managed identities and service principals #1372
Merged
Commits on Aug 15, 2023
-
-
msauth: rename GetTokenAsync to GetTokenForUserAsync
Rename the lone GetToken method to clarify that this is for user principals (regular user identities). This is in preparation for adding extra principal types including service principals, and managed identities. Also add some XML doc comments to the method.
-
msauth: abstract token cache init helpers
Refactor the token cache helper methods to allow us to re-use the existing cache registration logic with a different ITokenCache and StorageCreationProperties. This will be useful when we later introduce a confidential client application (for service principals) that needs a different cache location, and uses the AppTokenCache, rather than the User one.
-
msauth: add support for service principal auth
Add support for acquiring a token for a service principal. Either a client secret or certificate can be used to authenticate (the latter being preferred).
-
msauth: add support for managed identity
Add support for obtaining an access token using either the system-assigned and a user-assigned managed identity.
-
msauth: add MSAL app token cache support for CCAs
Add app token cache support for confidential client applications (service principals). This is a different cache than the one for user tokens that is used by public client applications (for normal users). We do not know of any other app token cache that we can share with currently, so we just use our own in the GCM data directory.
-
azrepos: support service principals and managed IDs
Allow a service principal or managed identity to be used to authenticate against Azure Repos. Required information for service principals is specified in Git config or environment variables, as is the ID for a managed identity.
-
azrepos: add tests of MID and SP get credential
Add tests of the `GetCredentialAsync` method on the `AzureReposHostProvider` using managed identity and service principal.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.